You may have noticed SSL warnings appearing on some Purdue websites in Google Chrome. This is because Google has decided to warn users and web developers of an upcoming change in SSL standards ahead of the time agreed upon by other browser vendors. The older SHA-1 algorithm used to sign SSL certificates is being retired as of January 1st, 2017 and replaced with the newer SHA-2 algorithm. Browsers from other vendors, such as Mozilla Firefox, Apple Safari, and Microsoft Internet Explorer, will start issuing these same warnings early next year.
Some examples of warnings that you or visitors to your sites might see are:
Google Chrome – The “https” badge will change to show a less secure connection and, if clicked, is accompanied by a warning message that reads “The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it.”
Please be assured, these certificates are valid and are not “out of date” or insecure. We have a replacement schedule in place to ensure that we will have all SHA-1 SSL certificates retired or replaced before January 1st, 2017. If you are the owner of a site we host with this issue and would like your certificate updated early, please contact us at firstname.lastname@example.org.
Additional information on this change is available from Google.