The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it

Solution 1:

Your certificate is using the outdated SHA-1 algorithm, which, because of security risks, Google Chrome now warns about.

  • http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html
  • https://community.qualys.com/blogs/securitylabs/2014/09/09/sha1-deprecation-what-you-need-to-know
  • https://shaaaaaaaaaaaaa.com/check/aws.hatchlings.com

You'll need to generate a new CSR and get a replacement certificate from your SSL vendor.

https://github.com/konklone/shaaaaaaaaaaaaa/issues/24#issuecomment-54021941

For anyone with problems with RapidSSL from any of their resellers or any other GeoTrust brand certificates:

  • Log in to GeoTrust products using your FQDN and the email used to request the certificate
  • Follow the login link sent by email
  • Click reissue
  • Provide a new CSR and choose SHA-256 from the drop-down

This portal is also where you revoke your old certificate.

While you get an A on SSL Labs currently, the detailed report tells you this is a problem in the orange section.

Solution 2:

For people who encounter this issue even with SHA2 and a very good rating on SSL Labs (and no warning): please check your libnss version. I'm currently using Ubuntu 13.10 here, and libnss is version 3.15.x.

It seems that in versions prior to 3.17, libnss checks for the weakest security chain instead of the strongest, which means that if you have a SHA1 certificate in the chain, Chrome will display the warning anyway.

Solution: Update libnss to a newer version.
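
Both answers come down to which hash signs each certificate in the chain, so here is an added example (not part of either answer) that creates a SHA-256 CSR and audits a PEM bundle or a live server's chain for SHA-1 signatures with the `openssl` CLI. The function names are hypothetical, and the hash of the issued certificate is still decided by the CA's reissue option, not by the CSR.

```shell
#!/bin/sh
# Added example, not from the original answers. Function names are hypothetical.

# Create a new key and a CSR whose own signature uses SHA-256.
# $1 = hostname (FQDN) for the CN; writes $1.key and $1.csr.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.csr"
}

# Read `openssl ... -text` output on stdin and print one line per certificate:
#   <WEAK|ok> <signature algorithm> <subject>
# Returns 1 if any certificate is signed with a SHA-1 based algorithm.
report_sig_algs() {
  awk '
    /^Certificate:/        { alg = "" }
    /Signature Algorithm:/ {
      # Each certificate prints this field twice; keep the first.
      if (alg == "") { sub(/.*Signature Algorithm: */, ""); alg = $0 }
      next
    }
    /^ +Subject: / {
      sub(/^ +Subject: */, "")
      status = (tolower(alg) ~ /sha1/) ? "WEAK" : "ok"
      if (status == "WEAK") weak = 1
      printf "%-4s %-26s %s\n", status, alg, $0
    }
    END { exit weak + 0 }
  '
}

# Audit every certificate in a PEM bundle (leaf plus intermediates).
check_bundle() {
  openssl crl2pkcs7 -nocrl -certfile "$1" |
    openssl pkcs7 -print_certs -text -noout | report_sig_algs
}

# Audit the chain a server actually sends. $1 = hostname.
check_host() {
  tmp=$(mktemp) || return 2
  openssl s_client -connect "$1:443" -servername "$1" -showcerts \
    </dev/null 2>/dev/null |
    sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >"$tmp"
  check_bundle "$tmp"; rc=$?
  rm -f "$tmp"
  return "$rc"
}
```

A `WEAK` line on an intermediate means the replacement leaf certificate must also be installed with the CA's SHA-256 intermediate bundle.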