Colin Simning

SHA-1 Deprecation Schedule for Chrome

Blog Post created by Colin Simning Employee on Nov 5, 2014

As most people are probably aware, Google recently announced plans to quickly deprecate SHA-1 signed certs and prefer SHA-2 signed certs in upcoming versions of Chrome. This transition will be a multi-step process that will take place as Google releases the next three versions of Chrome with each successive version considering SHA-1 signed certificates with specific expiration date ranges to be increasingly in secure.

The good news is that Akamai can support serving SHA-256 signed certificates and it's a matter of assessing if and when current SHA-1 certs will be affected by transition. Below are some details that show Google's schedule and it's affects on the address bar icons.


There are 4 categories that Chrome uses when assessing a certificate and they have corresponding icons in the address bar:


1. fully secure

Green Lock.gif

2.  secure, but with minor errors

secure_minor errors.png

3.  neutral, lacking security


4.  affirmatively insecure



Below is a chart of the schedule based on the release version and how Chrome will treat SHA-1 signed certs based on their expiration date.

Screen Shot 2014-11-05 at 9.23.41 PM.png


It's worth noting that both Firefox and Internet Explorer will also eventually be phasing out SHA-1 in favor of SHA-2 in the not too distant future.


Here are some external links that may be helpful:

Google’s Online Security Blog Announcement:

Detailed Summary of Browsers, OSs, servers, etc that support SHA-2:

Mozilla’s SHA-1 Phase Out Plan:

Microsoft’s SHA-1 Phase Out Plan: