Using Comodo SSL certificate but still broken HTTPS

I recently purchased a SSL certificate.

After installation, Chrome indentifies my site pages to be insecure (broken HTTPS).
“SHA-1 Certificate
The certificate for this site expires in 2017 or later, and the certificate chain contains a certificate signed using SHA-1.”

Details of the certificate show:
Version: V3
Algorithm for signature: sha256RSA
Signature hash-algorithm: sha256
Algorithm for fingerprint: sha1

What should I do to make my pages to be indentified Secure in Chrome?

Are you certain you’re using the latest stable version of Chrome for your OS? My gut suspects you’re encountering a bug with an earlier version of Chrome. I’ve never seen such an error message in Chrome with a SHA-2 based site certificate.

Without the site in question, there’s not much any of us can do besides speculate.


Thanks for your reply.
I use the latest Chrome version 55.0.2883.87

I’m using the same version on Windows 7 and unable to replicate.

However, I did a little deeper digging using OpenSSL’s s_client and see a sha-1 cert configured! This indicates you are using a mixture of IP and name based virtual hosting. I suspect that something is not configured correctly on the server end.


Thanks for investigating this matter.
I will contact my hosting cy and will let you know the outcome.