Check your site for weak SHA-1 certificates.Open source, by@konklone.
has a certificate chain signed with.
If Chrome still says the site uses SHA-1, it's probablya chain caching bug on your computer.
has a certificate, but needs toupdate its intermediates.
is using.
See the details atSSL Labs, orstart over.
There was an error checking. Check the developer console for details.
Check above to see if a site is still using certificates that were issued using thedangerously outdated SHA-1 signature algorithm.
As ofJanuary 1, 2016, no publicly trusted CA is allowed to issue a SHA-1 certificate. So any new certificate you get should automatically use a SHA-2 algorithm for its signature.
However, existing SHA-1 certificates are still trusted by modern browsers and operating systems. Generally, they will be removing support for SHA-1 entirely by January 1, 2017.
Legacy clients will continue to accept SHA-1 certificates, and it is possible to have requested a certificate on December 31, 2015 valid for 39 months. So, it is possible to see SHA-1 certificates in the wild that expire in 2019.
This website is anopen source project, and includes acommand line tool — pleaselend a hand!
Thanks toMathias Bynens,Justin Mayer, andJonny Barnes for inspiration and assistance.
