Are you getting the Identity Not Verified message when you access OrangeCRM using Google’s Chrome browser? Don’t be alarmed, the link is still secure and encrypted. Please read on to find out the reason for this warning message.

Google Chrome Connection Warning

You may have noticed that you don’t get this message when using a different browser. This is because Google has withdrawn its support for the SHA-1 certificate signatures, while other browsers continue to support SHA-1-based signatures and will continue to do so until 2016.

Since OrangeCRM uses SSL/TLS encryption, SHA-1-based signatures for trusted root certificates are not a problem because TLS clients trust them by their identity rather than by the signature of their hash. We will be updating the certificates shortly to avoid Google’s warning. In the meantime you can rest assured that it is not a cause for concern.