A problem with mixed SHA-1/SHA-2 intermediate subordinate CAs may bring properly SHA-2 certificates and chains to be treated as insecure.