Note: beginning with Chrome version 46 the yellow caution triangle has been removed from the https URL when Chrome encounters minor errors such as those described in this article.
If you use an SSL certificate (https) on your site, you may have seen a couple of new things happening in Google Chrome version 41 or later. Various warning messages such as, “The identity of this website has not been verified,” “Your connection to <domain> is not encrypted,” or other visual indications that the https connection is not secure have started to be displayed.
Those appear when your SSL certificate uses a SHA-1 signature (most SSL certificates issued before 2015 use SHA-1).
To fix the problem of browser security warnings you must re-key your SSL certificate for SHA-2. If you don’t see those warnings in Chrome and you purchased your certificate recently, it may already be SHA-2. You can verify using this test site.
If you purchased your SSL certificate from us, here’s how to re-key:
1) Contact us and we will re-generate and re-submit the CSR.
2) You’ll then get an email from GeoTrust with a link to complete the process. When completing the re-key on the GeoTrust site, be sure that SHA-2 is selected as the “Hashtag Algorithm.” You can find step-by-step instructions (and a video) here.
3) After you’ve completed the reissuing process, you’ll receive an email with the new certificate. Go to Control Panel and paste the new certificate into the SSL Manager.
If you purchased your SSL certificate elsewhere:
1) Contact us and we will re-generate the CSR and email it to you. Then you’ll have to contact the issuer of your certificate to get your certificate re-keyed for SHA-2.
2) When you receive the re-keyed certificate, go to Control Panel and paste the new certificate into the SSL Manager.
“Obsolete cryptography” message after re-keying with SHA-2
There is another potential problem after you’ve re-keyed your SSL certificate. While the address bar will show the green lock icon, if visitors look at the certificate details in Chrome, they may see an “Obsolete Cryptography” message.
What’s happening is the Chrome Browser is ignoring the cipher preference we use on the server (which includes their preferred ciphers) and pointing out any “weak ciphers” they find. You might notice that many large corporate sites are also insecure according to Chrome, for similar reasons:
That “obsolete cryptography” message may persist for a while because Google is not providing any information on exactly what they want from the server to stop calling it insecure. It would appear that Google would like to see every server everywhere remove support for all older cryptographic methods.
We understand the reasoning behind that, but the problem with removing some of those methods is doing so will shut out visitors using some older browsers and operating systems that don’t support newer methods (such as Windows XP). Since our servers are shared by many customers, it isn’t really an option for us to make global changes that prevent some visitors – even a small number – from accessing our customer’s sites.
We do maintain special servers that do not support any of the older cryptography methods, and they are available if you’d like to move your site. The servers are primarily used by customers who need a “hardened” server to pass a PCI compliance scan. But the added security does introduce some issues, such as older browsers being unable to connect to sites on those servers via https. There are also a few other caveats that may require adjustment or a work-around on your part. But if you’d like to move your site to such a server, or need more information, let us know.
We continue to monitor information from Google on recommended server configuration, as well as testing various configurations ourselves to prevent the “obsolete cryptography” message.
If you have any trouble re-keying a certificate, or if you have any questions about these ongoing changes, let us know and we’ll do our best to help.
We have updated both our Windows 2012 and Windows 2008 platforms to .NET 4.5.2.
Today we are announcing a new Website Cloud Backup solution that will backup your website off-site onto the Amazon cloud. The service comes with a web-based management portal to manage backup scheduling, versions and restoration.
As always we try to keep up to date with new Microsoft technology releases. We launched SQL 2014 hosting in both our US-based and Europe-based data centers.
We launched Managed Team Foundation Server 2013 hosting in both our US-based and UK-based data centers. This is a great option for businesses that want their own instance of TFS that is not shared with any other users and/or those who require server-side customization. TFS 2013 includes real-time collaboration enhancements with Team Rooms.
ActiveSync was an “ask” from many customers, and now some new updates in Microsoft licensing make it possible for us to offer this feature. 
Many developers are using Git for their version control nowadays. We had customers ask about Git but integrating Git with DiscountASP.NET is difficult. However, WAP includes features to integrate Git so we offer 
For a while there, we were only able to support Urban Turtle for TFS 2010. Now, the latest Urban Turtle tools for TFS 2013 and TFS 2012 are available for our Managed TFS hosting solution. And, as discussed in the previous item, Microsoft’s fast release cadence can cause breaking changes with add-ins. So when we apply updates to TFS, we also work with Urban Turtle to make sure compatibility issues are ironed out.
I know I may sound like a broken record (remember those?) but I think the renewal of the Microsoft Gold Partner status it is something important to include here because it is not a trivial task to maintain. With Microsoft continually raising the bar for the Gold Partner level, we’ve witnessed many hosts dropping in partnership level. Maintaining the Gold status is an investment and a differentiator.