AnsweredAssumed Answered

Replacing Sha-1 Intermediate Certificate

Question asked by Tony Alfano on Dec 21, 2015
Latest reply on Jan 5, 2016 by j-mailor

We have some users reporting that Chrome is displaying a red https with a slash through it.  I suspect that the reason is that we have a SHA-1 Intermediate Certificate:


SubjectGeoTrust Primary Certification Authority
Fingerprint SHA1: 6890ed2b2c111072912ed6255459ad0db76f3ad1
Pin SHA256: SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo=
Valid untilTue, 21 Aug 2018 16:15:00 UTC (expires in 2 years and 7 months)
KeyRSA 2048 bits (e 65537)
IssuerEquifax / Equifax Secure Certificate Authority
Signature algorithmSHA1withRSA   WEAK


Here is our root cert:


SubjectGeoTrust EV SSL CA - G4
Fingerprint SHA1: 3056b343485b9d55f3e2b177a895bb0463ee3efd
Pin SHA256: owrR9U9FWDWtrFF+myoRIu75JwU4sJwzvhCNLZoY37g=
Valid untilMon, 30 Oct 2023 23:59:59 UTC (expires in 7 years and 10 months)
KeyRSA 2048 bits (e 65537)
IssuerGeoTrust Primary Certification Authority
Signature algorithmSHA256withRSA


Our "main" cert is

Signature algorithm



If I replace this intermediate cert, will older operating systems (Windows XP prior to SP3) stop working?


Thanks in advance.