Enterprise flag to allow continued use of SHA-1 certificates by private PKIs

Private PKIs are not bound by the CA/Browser Forum's Baseline Requirements, and many not have completed the process to deprecate SHA-1 by Jan 2017, after which we'll start showing interstitials. Provide an enterprise flag that would cause SHA-1 certificates that chain to a locally installed trust anchor to display the standard HTTP page icon after Jan 2017.


Status in Chromium


Enabled by default (launch bug) in:

  • Chrome for desktop release 54
  • Chrome for Android release 54
  • Android WebView release 54
  • Opera release 41
  • Opera for Android release 41

Consensus & Standardization

  • No public signals
  • No public signals
  • No public signals
  • No signals


Last updated on 2017-06-14