SSL certs using SHA-1 now no bueno on Google Chrome

Products mentioned
Fix your broken SSL cert now

This week, Google launched Chrome version 42. This enables the complete deprecation of SHA-1 certificates in their browser. That means if your website has an SSL certificate that is using SHA-1, your address bar will look like this:

Visual indicators in Chrome 41

Google1Sites with SSL certificates that expire between Jan. 1, 2016, and Dec. 31, 2016, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors.”

Google2Sites with SSL certificates that expire on or after Jan. 1, 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as “affirmatively insecure.” Subresources such as CSS and JavaScript files from such domain will be treated as “active mixed content” and will not be loaded by the browser.

This does not impact Firefox, Safari, Internet Explorer or Opera. It only affects Google Chrome.

To see if your website is running a SHA-1 certificate, visit If you need to upgrade your certificate, check with your Certificate Authority. They should be willing to upgrade you for little to no cost.

Check out this post to learn more about why Google Chrome is phasing out SSL certs using SHA-1.

Learn about the four types of SSL certificates available.

Wildcard SSL Certificate
Extended Validation SSL Certificate
SAN SSL Certificate
Organization Validation SSL Certificate

Image by: Merlin1487 via Compfight cc

As VP and General Manager of Security Products at GoDaddy, Wayne is responsible for security products including GoDaddy’s SSL Certification Authority, code signing certificates and partnership with SiteLock. Wayne represents GoDaddy at the CA/Browser Forum, the standards body that defined Extended Validation SSL. When he’s not working or spending time with his family, he enjoys competing in amateur mountain bike races. He completed the famed Leadville Trail 100 race a few years ago.