
By the way, this blog post does not mention that Microsoft already effectively killed SHA1 last year when it announced that it wouldn't accept SHA1 certificates after 2016: http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-depre...



They've actually split the deadlines for SSL Certificates and Code Signing client certificates.

The deadline for websites to upgrade their SSL Certificates is January 2017.

In January 2016, Microsoft will stop trusting code signed with a SHA1 certificate, unless it was timestamped prior to that date. In that case it will continue to be trusted until SHA1 is found to be vulnerable to a pre-image attack.


After reading that blog post from Microsoft, I believe even more strongly now that Google is approaching this carelessly. Microsoft announced this almost a year ago and yet the blog post reads that they are giving until January 1st 2017 until they will stop accepting SHA-1 certs. Google announced this today and starting in 22 days they will be showing a Yellow Lock on my certificate just because the cert is set to expire AFTER January 1st, 2017. Those are very different approaches!


Presumably the thinking is that certs shouldn't be issued with a validity more than a year or two. So certs expiring 2017 shouldn't be issued before 2015 or 2016… plenty of time for people to start issuing newer certs with stronger hashing. And if they don't… it's just a small visual warning, for now. Other than not getting this started sooner, it seems fine to me.


> small visual warning

The post says that in Chrome 41 (Q1 2015) the https will display in red with a strikethrough, which is more than a small visual warning.



