 |
 |
I'm guessing most of you have seen the alert that was sent out to the IT Exchange list regarding SHA-1 certs, and unfortunately (or fortunately, depending on how you look at it) the Oct 31st 2014 date is inaccurate. What will happen beginning in November 2014 is that sites with SHA-1 certs loaded in Chrome will no longer automatically show the green Everything Is Great! bar for encrypted connections. They will still load normally and users will not be prompted about insecure connections. Sometime in Q1 2015 with Chrome 41 release, the cert validation will change. Any SHA-1 cert that is set to expire before 2017 will continue to work fine, minus the green bar. ONLY SHA-1 certificates that expire on or after 2017 will display as insecure and force the user to click through a security dialog. Microsoft is planning on a similar phasing out of SHA-1 on IE. No need to drop everything and re-issue in the next week, but it would be a good idea to have it all done by the end of the year. And even then you'll still have wiggle-room through the end of 2015.