When this setting is enabled, Google Chrome allows SHA-1 signed certificates as long as they successfully validate and chain to a locally-installed CA certificates.
Note that this policy depends on the operating system certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Furthermore, this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed on or around 1 January 2019.
If this policy is not set, or it is set to false, then Google Chrome follows the publicly announced SHA-1 deprecation schedule.
Registry Hive | HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER |
Registry Path | Software\Policies\Google\Chrome |
Value Name | EnableSha1ForLocalAnchors |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |