What you see is now is not the "green address bar" you would expect with an EV certificate, but the following:
The reason for that is the following announcement on the Google Online Security blog:
The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper.
That’s why Chrome will start the process of sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39 in November. ... Sites with end-entity certificates that expire between 1 June 2016 to 31 December 2016 (inclusive), and which include a SHA-1-based signature as part of the certificate chain, will be treated as “secure, but with minor errors”.
The "secure but with minor errors" is indicated by the warning sign in the padlock and outdated security settings in the extended message are the fact that the certificate relies on the SHA-1 hash algorithm.
What you need to do is the following:
Generate a new private key with a SHA-256 hash and a new Certificate Signing Request (CSR) and get your SSL provider to re-issue you with a new certificate. With EV certificates a re-issue typically requires more or less the same hoops you had to jump through to get the certificate initially, but you should get a new certificate valid until the same expiry date of the current certificate at no/little additional charge.
In openssl you would use something like the following command line:
openssl req -nodes -sha256 -newkey rsa:2048 -keyout www.scirra.com.sha256.key -out www.scirra.com.sha256.csr
Best Answer
HSTS preload is a list of sites that are hard coded into Chrome, Firefox, Safari, IE 11 and Edge as being HTTPS only.
You can include a domain in to the HSTS preload list in https://hstspreload.appspot.com/
see more:
Preloading HSTS Firefox
HTTP Strict Transport Security comes to Internet Explorer 11 on Windows 8.1 and Windows 7