1165698 - SHA1 warning is displayed in console although SHA256 is available too

Status: RESOLVED WORKSFORME

(DevTools :: Console, defect)

Description

[RobertHarm]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150513174244

Steps to reproduce:

On my site https://www.mapsmarker.com I use a Comodo EV SSL certificate which uses both - a SHA256 and SHA1 fingerprint. As a result, in the browser console the following error is displayed: 

Diese Website verwendet ein SHA-1-Zertifikat; es wird empfohlen, Zertifikate mit Signaturalgorithmen zu verwenden, die stärkere Hashfunktionen verwenden als SHA-1.


Actual results:

The console shows a warning which is false & users might assume that the website is not secure.


Expected results:

Actually this warning should not be displayed as a valid SHA256 hash is also available within the certificate

Comment 1

[Gingerbread Man]

I don't see a single warning in the console relating to www.mapsmaker.com. They're all about third-party servers. I'm seeing “SHA1  WEAK” warnings for all of them.

https://www.ssllabs.com/ssltest/analyze.html?d=www.google.com
https://www.ssllabs.com/ssltest/analyze.html?d=maps.googleapis.com
https://www.ssllabs.com/ssltest/analyze.html?d=maps.gstatic.com
https://www.ssllabs.com/ssltest/analyze.html?d=a.tile.openstreetmap.org
https://www.ssllabs.com/ssltest/analyze.html?d=b.tile.openstreetmap.org
https://www.ssllabs.com/ssltest/analyze.html?d=c.tile.openstreetmap.org
https://www.ssllabs.com/ssltest/analyze.html?d=dev.virtualearth.net

Comment 2

[RobertHarm]

you are right - sorry, my fault - thought that error is coming from my main domain and not from the third-party servers. closing ticket...