broken-httpsIt’s several weeks now since Google announced that they are phasing out support for certificates signed with the SHA-1 algorithm. The end result will be that, starting in Q1 2015, SHA-1 certificates with long expiry times will be treated as completely invalid by Chrome.

Unfortunately, upgrading to SHA-256 certificates will break Internet Explorer on pre-SP3 versions of XP in a horrible way. Users will get the IE Generic Page of Awfulness, making it look like your site is down.