Private PKIs are not bound by the CA/Browser Forum's Baseline Requirements, and many not have completed the process to deprecate SHA-1 by Jan 2017, after which we'll start showing interstitials. Provide an enterprise flag that would cause SHA-1 certificates that chain to a locally installed trust anchor to display the standard HTTP page icon after Jan 2017.
Docs: https://www.chromium.org/Home/chromium-security/education/tls/sha-1 http://go/ltvrp