As of late 2014, SHA1 certificates and it's SHA1 trust chain (not including the Root CA) will be considered insecure by Google Chrome.
A three step process will increase the severity of the warning:
- Initially SHA1 certificates that expire on/after 2017/1/1, and which contain SHA-1-based signatures in the validated chain, will be shown the "Secure, but minor errors" icon. This is a lock with a yellow triangle
![alert icon]()
- Severity will increase thereafter, where:
SHA1 certificates that expire between 2016/6/1 and 2016/12/31, inclusively, and which contain SHA-1-based signatures in the validated chain, will be shown the "Secure, but minor errors" icon. This is a lock with a yellow triangle.![alert icon]()
SHA1 certificates that expire on/after 2017/1/1, and which contain SHA-1-based signatures in the validated chain, will be shown the "Neutral, no security" icon. This is the blank page icon, as shown by HTTP URLs.
- Finally Chrome will render websites with SHA1 certificates that expire on/after 2017/1/1 and which contain SHA-1-based signatures in the validated chain, with the "Affirmatively insecure, major errors" icon. The "Affirmatively insecure, major errors"icon is a lock with a red X.
![red https]()
To resolve this issue SHA2 certificates must be installed.