After performing an upgrade on Apache and modssl, I get a security warning in the security logo of the URL bar in Chrome when visiting my website on Apache server:
The site is using outdated security settings that may prevent future
versions of Chrome from being able to safely access it.
I have checked that the certificate contains both SHA1 and SHA256 fingerprints and is not expired. When viewed with Firefox, there is no issue. However, a check with Qualys shows the signature algorithm as SHA1 with RSA instead of SHA256. Also, the connection is using TLS 1.2.
What could be the cause of such warning and how to solve it?
Sorry, I just realize:
This site which is using SHA1 has no such warning, but this site does.
Best Answer
A fingerprint (sometimes thumbprint) is not something that is in the certificate, instead it's a hash calculated after the fact and shown to facilitate easier manual comparison of certificates.
It's important not to confuse this with the certificate's signature, which is an actual value in the certificate.
From the question it sounds like the signature of this certificate is indeed based on SHA-1.