Recently, our organization has undertaken an effort to replace all SHA-1 SSL certificates with SHA-2. Our Casper servers in test and production are on the list.
Concurrently with this, I observed that our Casper sites with SHA-1 certitificates would not open at all in Firefox 39 (current release) or in the Safari 9 beta. Both reference being unable to create a secure connections, with the Firefox error being more verbose (see picture).
My guess was upgrading the SSL certs to SHA-2 would address this issue, but it hasn't. Our certificate vendor is Comodo/InCommon and I imported their root CA, intermediate, and obviously the one for Tomcat into a new keystore. Has anyone gone through this process and have anything to share? I am going to engage with our security folks as well but wanted to inquire here first.
Thanks,
Bryan
