2017-03-13 20:51:40 UTC
There is a workaround, you need to add the following registry key:
Whether SHA-1 signed certificates issued by local trust anchors are allowed
Windows registry location:
Mac/Linux preference name:
Android restriction name:
• Google Chrome (Linux, Mac, Windows) since version 54
• Google Chrome OS (Google Chrome OS) since version 54
• Google Chrome (Android) since version 54
Dynamic Policy Refresh: Yes, Per Profile: No
When this setting is enabled, Google Chrome allows SHA-1 signed certificates as long as they successfully validate and chain to a locally-installed CA certificates.
Note that this policy depends on the operating system certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Further, this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed on or around January 1st 2019.
If this policy is not set, or it is set to false, then Google Chrome follows the publicly announced SHA-1 deprecation schedule.
0x00000000 (Windows), false (Linux), false (Android), <false /> (Mac)
Set the value to 1 and all is good again.
I opened a ticket with HPE just to try and find out what it was doing so I could check with Google, but they weren't much help at all.