Google has lost its confidence in SHA-1. According to the announcement in September 2014 and further recent research, it is known that Google doesn’t consider SHA-1, the algorithm used for the encryption by most SSL certificates, a secure one. Now, the company has revealed its plan to stop supporting the algorithm. Over the next year, Chrome will completely stop supporting them and it will be done in two steps; blocking new SHA-1 certificates and blocking all SHA-1 certificates.
Blocking new SHA-1 Certificates:
Starting in 2016, if a site with a leaf certificate that is signed with an SHA-1 based signature, issued on or after January 1st, 2016, and chains to a public CA is encountered with Chrome, the browser will display a certificate error. However, as per Baseline Requirements for SSL, public CAs have to stop issuing SHA-1 certificates, so users can hope not to encounter this error.
Blocking all SHA-1 Certificates:
By January 1st, 2017, Chrome will completely stop supporting SHA-1 certificates. So, sites that have an SHA-1 based signature as part of the certificate chain will provoke a fatal network error. Albeit Google says it may be “considering moving it earlier to July 1, 2016,” both Mozilla Firefox and Microsoft Edge are targeting January 1st, 2017 for this step.
Google hopes by 2017, Chrome will no longer support SHA-1. There is even a possibility that users may actually face a fatal error before the time. So, if your site still depends on SHA-1, it is recommended that you replace it as soon as possible. Alternately, SHA-2 certificates should be used for your server which is more secure.