When this setting is enabled, Google Chrome allows SHA-1 signed certificates as long as they successfully validate and chain to a locally-installed CA certificates.
Note that this policy depends on the operating system certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Furthermore, this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed on or around 1 January 2019.
If this policy is not set, or it is set to false, then Google Chrome follows the publicly announced SHA-1 deprecation schedule.
| Registry Hive | HKEY_CURRENT_USER |
| Registry Path | Software\Policies\Google\ChromeOS |
| Value Name | EnableSha1ForLocalAnchors |
| Value Type | REG_DWORD |
| Enabled Value | 1 |
| Disabled Value | 0 |