You are viewing an historical archive of past issues. Please report new issues to the appropriate project issue tracker on GitHub.

Bug #1983: SSL cert warnings on wincent.dev

Kind bug
Product wincent.dev
When Created 2012-06-14T00:46:23Z, updated 2012-06-30T17:44:16Z
Status closed
Reporter Greg Hurrell
Tags no tags

Description

Recent builds of Chrome have started displaying scary warnings for URLs like:

https://wincent.dev/a/support/registration/

Specifically, the warning reads like this:

The site's security certificate is signed using a weak signature algorithm!

You attempted to reach wincent.dev, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).

You should not proceed, especially if you have never seen this warning before for this site.

Help me understand

When you connect to a secure website, the server hosting that site presents your browser with something called a "certificate" to verify its identity. This certificate contains identity information, such as the address of the website, which is verified by a third party that your computer trusts. By checking that the address in the certificate matches the address of the website, it is possible to verify that you are securely communicating with the website you intended, and not a third party (such as an attacker on your network).

In this case, the server certificate or an intermediate CA certificate presented to your browser is signed using a weak signature algorithm such as RSA-MD2. Recent research by computer scientists showed the signature algorithm is weaker than previously believed, and the signature algorithm is rarely used by trustworthy websites today. This certificate could have been forged.
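
The warning quoted above blames the signature algorithm of the server certificate or of an intermediate CA certificate. As an added example (not part of the original issue and not wincent.dev's code), this Python reads the signatureAlgorithm field of each DER certificate in a chain and flags MD2, MD5 and SHA-1 signatures; the function names and the skeleton sample chain are constructed for illustration.

```python
SIG_OIDS = {  # DER body of the signatureAlgorithm OID -> (name, weak?)
    bytes.fromhex("2a864886f70d010102"): ("md2WithRSAEncryption", True),
    bytes.fromhex("2a864886f70d010104"): ("md5WithRSAEncryption", True),
    bytes.fromhex("2a864886f70d010105"): ("sha1WithRSAEncryption", True),
    bytes.fromhex("2a864886f70d01010b"): ("sha256WithRSAEncryption", False),
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def signature_algorithm(cert_der):
    """Return (name, is_weak) for the outer signatureAlgorithm of a DER certificate."""
    tag, cert, _ = read_tlv(cert_der, 0)    # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(cert, 0)           # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)   # AlgorithmIdentifier ::= SEQUENCE
    oid_tag, oid, _ = read_tlv(alg, 0)      # algorithm OBJECT IDENTIFIER
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate")
    return SIG_OIDS.get(oid, ("unknown OID " + oid.hex(), None))

def weak_links(chain_der):
    """List (index, algorithm name) for every chain certificate with a weak signature."""
    algs = [signature_algorithm(der) for der in chain_der]
    return [(i, name) for i, (name, weak) in enumerate(algs) if weak]

def tlv(tag, value):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(value)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + value

def skeleton_cert(oid_hex):
    """Constructed stand-in for a certificate: real outer layout, dummy contents."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    return tlv(0x30, tlv(0x30, b"\x00" * 200) + alg + tlv(0x03, b"\x00" * 129))

# Constructed chain: leaf signed with SHA-256, intermediate signed with MD2.
SAMPLE_CHAIN = [skeleton_cert("2a864886f70d01010b"), skeleton_cert("2a864886f70d010102")]
print(weak_links(SAMPLE_CHAIN))
```

For a real chain, convert each PEM certificate with `ssl.PEM_cert_to_DER_cert()` before passing it in.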

Comments

  1. Greg Hurrell 2012-06-30T17:44:13Z

    "Fixed" by getting a new SSL cert from RapidSSL.

    I say "fixed" because the old cert was still valid until May 2013, so I effectively forfeited a year. Good thing it only cost $10.

  2. Greg Hurrell 2012-06-30T17:44:16Z

    Status changed:

    • From: new
    • To: closed

Comments are now closed for this issue.