The certificate is expiring in less than three months. Chrome has always been clear that they don't care about SHA-1 certs that are expiring within 2015. They just want to make sure that when you renew those certs, you renew as SHA-256.<p><a href="http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html" rel="nofollow">http://googleonlinesecurity.blogspot.com/2014/09/gradually-s...</a><p>"Sites with end-entity certificates that expire between 1 January 2016 and 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as 'secure, but with minor errors' [i.e., the lock-with-yellow-triangle you also get for mixed content].<p>"Sites with end-entity certificates that expire on or after 1 January 2017, and which include a SHA-1-based signature as part of the certificate chain, will be treated as 'affirmatively insecure'. Subresources from such domain will be treated as 'active mixed content'."
I noticed that they use a 3 tier system. But even SHA-1 encryption, I wanted to talk about how it compares to the use of RC4 on AES. I am still learning about the effectual uses of encryption but it would seem to me that being able to use modulo as you swap indeces throughout the hash would enable more coerce authentication if not for the sole reason that it would be difficult to find out the derivative of both of the numbers that gave modulo. VS AES whose algorithm uses a reverse mapping of the hash in order to equate the distance from left to right between the indeces.It is said that RC$ is less secure as a method because of it is more prone to WEP attacks due to its inability to factorialize an instance of teh hash suring the scheduling phase, while it only allows for a 64 bit size whereas AES is more sutiable for 256 bit. It's adavtnage lies in large network systems but would be suitable for API distributions. In effect its PRG would be effective in taking a modulo variable being parsed as K[] progresses through the list in a function that combines it along wth the inverse natural e in to create an limit as protection from FMS attacks even at a byte level. Thanks for letting me comment and learn.
Beyond the expiry fact, I think google does pinning for their certs. If you pin your certs you don't really care a lot whether the ca is compromised, and here it's just the ca that's got sha1 signing, not the actual cert which is sha2.