First published by NIST in 1995 – two decades ago – SHA-1 has been supplanted by SHA-2 and then SHA-3, and federal agencies were required to upgrade way back in 2010. Microsoft, Google and Mozilla all announced that their web browsers would stop accepting SHA-1 certificates by 2017. This month, Google announced a timeline for its deprecation of SHA-1, beginning with Chrome v. 48 in early January. That browser will throw an error message for web sites that are signed with a SHA-1 certificate issued after January 1, and SHA-1 will be blocked completely in Chrome sometime between July 1, 2016 and January 1, 2017.
Microsoft has announced that it will start blocking SHA-1 certificates even earlier, next June. And Mozilla is considering doing the same on July 1.