I just checked Amazon's certificate and it shows it is SHA-1 signed. But Chrome does not show any warnings, like it does (the red cross) for other websites with SHA-1 signed certificates.
Am I looking at this wrong?
Asked
Active
Viewed 140 times
1 Answers
5
Chrome is flagging SHA-1 signed certs based on their expiration date.
For the full details on the different dates and indicators, please review:
http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
The cert Amazon has deployed expires Oct 2nd, 2015.
k1DBLITZ
- 3,933
- 14
- 20
-
Awesome! Nitty gritty detail. – sandyp Sep 04 '15 at 23:30
-
@k1DBLITZ [This question](http://security.stackexchange.com/questions/91446/why-is-google-still-using-a-sha1-certificate-on-its-own-site-when-they-are-phasi) has some very comprehensive discussion on the sunsetting of sha-1 on major sites. – Nic Barker Sep 05 '15 at 04:05