Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: open
They said that not all versons of windows have SHA2 support "out of the box"
I am kind of losing my mind, so bare with me...
The site is still secured by SHA1, but Chrome is going to start showing these warnings until your CDN updates their cert to one that does not include SHA1
https://support.microsoft.com/en-us/kb/2677070 [support.microsoft.com] An automatic updater of untrusted certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This updater expands on the existing automatic root update mechanism technology that is found in Windows Vista and in Windows 7 to let certificates that are compromised or are untrusted in some way be specifically flagged as untrusted.
1) I was assured by the CDN tech support that they use SHA2. Are you saying that that they use BOTH SHA1 AND SHA2, and that is what is causing the error?
Starting in early 2016 with Chrome version 48, Chrome will display a certificate error if it encounters a site with a leaf certificate that:
is signed with a SHA-1-based signature is issued on or after January 1, 2016 chains to a public CA