A certificate resigning policy is in place, but the browser shows a warning related to the SHA-1 hash algorithm and certificate expiration in 2017 or later. The following is an example:
The re-signing intermediate CA certificate uses the SHA-1 hash algorithm and expires after January 1, 2017.
Many major browsers are phasing out SHA-1 support and issue a warning:
Create a new resigning CA certificate that is signed with SHA-256 or SHA-384 or SHA-512 algorithm.