The SHA-1 cryptographic hash algorithm has been known vulnerable, Collision attacks against it are too affordable and attacks will get cheaper soon. Microsoft announced that they will phase out SHA1 certificates after 2016. Only 14,8% of sites use SHA256 certificates in September 2014, according to SSL Pulse. Google will penalize websites that use SHA1-based certificates that expire during 2016 and after. Mozilla and Google have aligned their position on the acceptance for SHA1 based certificates, the company should not be. issued after January 1, 2016, or trusted after January. 1 January 2017. Sites with end-entity certificates that. expire on or after January 2017, and which. include a SHA-“]
Source: http://securityaffairs.co/wordpress/28729/digital-id/sha-1-deprecated-can.html