Enterprise flag to allow continued use of SHA-1 certificates by private PKIs

Feature: Enterprise flag to allow continued use of SHA-1 certificates by private PKIs

Private PKIs are not bound by the CA/Browser Forum's Baseline Requirements, and many not have completed the process to deprecate SHA-1 by Jan 2017, after which we'll start showing interstitials. Provide an enterprise flag that would cause SHA-1 certificates that chain to a locally installed trust anchor to display the standard HTTP page icon after Jan 2017.

Documentation

https://www.chromium.org/Home/chromium-security/education/tls/sha-1
http://go/ltvrp

Status in Chromium

Blink components: Blink

Enabled by default (tracking bug) in:

Chrome for desktop release 54
Chrome for Android release 54
Android WebView release 54

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Edge: No signal
Safari: No signal
Web Developers: No signals

Owners

rsleevi@chromium.org
awhalley@chromium.org

Last updated on 2020-11-09