just had this from Sagepay
Hi,
Further to our previous communication regarding our SSL Security Certificate update, we are notifying you of a change to the release date.
The LIVE update was scheduled for the 14th June 2016, however after listening to our customers it has become apparent that a short postponement is necessary to allow everyone time to complete the changes. The LIVE update will now take place on the 13th July 2016 and no further postponements will be considered.
We will be removing our current SHA-1 certificates and replacing them with SHA-256 based certificates (a version of SHA-2 certificates).
For more information on SHA please visit our support page.
How does this impact me
The way you currently process transactions uses Sage Pay hosted payment pages. As these pages are controlled by Sage Pay there is communication between our servers and yours.
Most modern software and hardware is SHA-2 compatible and it’s unlikely there will be any impact. As we do not have full visibility of the deployed ecommerce solution you will be best placed to assess the impact this may have.
To avoid any disruption to your integration you’ll need to ensure that their system is capable of working with the SHA-256 algorithm and support for SHA-1 will be disabled when we switch.
To see all compatible SHA-256 browsers and operating systems click here.
More changes in the industry
All of your connections to our servers are secured using HTTPS, which makes use of something called the Transport Layer Security (TLS) protocol to encrypt your data.
The Payment Card Industry (PCI) Council has mandated that early versions of TLS be retired from service. All organisations that handle credit card information are required to comply with this standard.
As part of this we will be updating our services to require TLS 1.2 for all HTTPS connections.
To avoid any disruption to your service you must verify that your systems are ready for this change by January 2018.