To determine where the error is occurring, use DigiCert SSL Installation Diagnostic Tool. Is the Error on the Browser or Server Side? If there is a cross-signed SHA-1 intermediate certificate in your certificate chain, this message may appear.
Error The certificate chain for this website contains at least one certificate that was signed using a deprecated signature algorithm based on SHA-1. This certificate is unnecessary for installations. This temporary intermediate certificate was used in years ago as part of a compatibility chain for older devices. The certificate in question is the “DigiCert High Assurance EV Root CA” certificate. The problem can affect any client platform with a locally cached or installed intermediate certificate. The problem is related to a locally installed legacy intermediate certificate that is no longer used and no longer required for the certificate installation. The Chrome browser has been particularly aggressive in how it handles SHA-1 Certificates, and customers and users on some sites secured by DigiCert have reported they are getting an error that reads, “The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it."įixing the 'outdated security settings' error is a matter of updating a few settings on your browser. These efforts include the requirement for websites to transition to use SHA-256 certificates instead of the legacy SHA-1 certificates for online encryption. Browsers have recently increased efforts to encourage administrators to take advantage of updated SSL security in order to better protect sites and users.