CloudFlare and SHA-1 Certificates

Google's Chrome and Mozilla's Firefox browsers will be changing their policies regarding certain web site certificates in upcoming versions. Starting with Chrome 39, certificates signed with a SHA-1 signature algorithm will be considered less trusted than those signed with a more modern SHA-2 algorithm. By Chrome 41, any website with a certificate that expires in 2016 or later will be shown as untrusted if either the certificate is signed with a SHA-1 algorithm or one of the certificates in its trust chain is signed with a SHA-1 algorithm (roots are exceptions). This change may affect many website owners, who need to re-issue their SHA-1 certificates with a shorter expiration period or upgrade to SHA-2. However, not all web browsers support SHA-2 certificates, such as Windows XP SP2. CloudFlare has reissued all certificates for paid customers, ensuring that their sites will be viewable by visitors on Windows XP SP2 and Chrome.