The security of the still widely used SHA-1 hash algorithm has weakened in recent years. For this reason, at the end of 2014 Google Chrome started displaying warnings on many websites that use SSL certificates signed with the SHA-1 hash algorithm. Chrome checks the validity period of the SSL certificate and whether the SSL certificate or the issuing intermediate certificate uses the SHA-1 hash algorithm. The new warning system is in use from Google Chrome version 39 onward, and the developer has promised to step up the warnings in each future version. The hash algorithm used in root certificates does not affect the warnings because the signatures of root certificates are not checked.
Google Chrome will start displaying various warnings about the security of your web server at the times specified in the original article, for the reasons mentioned above.
The Google Chrome browser also provides two types of additional information about the SSL certificate.
1. “The identity of this website has been verified by [name of the issuer] but does not have public audit records.”
This notification relates to Google Certificate Transparency (CT), which is a new control mechanism developed by Google. CT is currently mandatory for all issuers of Extended Validation (EV) certificates or green SSL certificates. This scrutiny is not yet required for the issuers of regular SSL certificates, so this message will be displayed for the certificates of many certification authorities.
2. “The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it.”
This message addresses the use of the SHA-1 hash algorithm in the end-user certificate or in the intermediate certificate that issued it, which the Google Chrome browser must verify.
It is likely that other web browsers will also start displaying similar warnings about SHA-1 in the near future. Microsoft already announced at the end of 2013 that from 01.01.2017 the Windows operating system will no longer support the SHA-1 hash algorithm in certificates.
You can check here whether the SSL certificate used in the web server is displayed with a warning from Google Chrome and in which version the content of the warning changes.