I got an emergency email when I was on the bed last night, the CIO said something is wrong for their webmail, I tried it via my IPAD, everything looks good, I can access the webmail site, send email and receive email, so I replied email to him and said everything looks fine.

This morning, an email and call are coming from CIO again, he said something wrong with certificate. I thought it’s not possible I just test it yesterday.

Ok, let’s check the certificate and see the expired date is March 2018.


but when I tried to access the webmail from Microsoft Edge and IE, it shows This site is not secure.



No way, how’s this happening if our certificate is not expired? Is this Godaddy issues, this is ridiculous!!

After discussed with colleagues, test SSL via SSL checker ( https://www.sslshopper.com/ssl-checker.html ), we found their SSL certificate are using SHA-1 signature.



but why this is just happening from last night? It was likely a windows update client side has started to block SHA-1 certificates.

https://social.technet.microsoft.com/wiki/contents/articles/32288.windows-enforcement-of-sha1-certificates.aspx#Post-February_TwentySeventeen_Plan.

Now, let’s go to re-issue this certificate and fix the problem.

Hope you enjoy this post.

Cary Sun

TWITTER:@SifuSun