I suppose the CA's didn't jump on issuing SHA2 certs the same day as the as the Baseline update or the MS announcement, but they don't seem to be standing still.
Wondering how many of those certs from GlobalSign, GoDaddy, GeoTrust, etc. are 4 & 5 year certs purchased prior to any announcement? As you noted CA's like to push multi-year certs.
While you can usually reissue/re-key your cert free of charge with CA's, a lot of companies are probably hesitant to make sudden moves to SHA2 when there are compatibility concerns. Many on legacy systems like Server 2003 cannot update to SHA2. As I mentioned in another comment the hotfixes only bring Server 2003 SHA2 support up to the same level as XP SP3. (Only compatible as a client, not as a server).
Also Microsoft's fastest approaching SHA2 deadline is January 2016 for CodeSigning yet Windows Vista & 7 don't support SHA2 signatures on kernel drivers. Not sure if that's been patched yet, but it would seem Microsoft isn't fully prepared to support their own policies either at the time of their own announcement.
GlobalSign, the first one on your list for example, has limited the validity on new SHA1 certs to 3 years and will reduce that to 2 years and 1 year as the MS deadline approaches. https://blog.globalsignblog.com/blog/everything-you-need-to-...
Don't know if GoDaddy has limited the validity periods, but they do list the deadlines and suggest re-keying your cert: https://support.godaddy.com/help/article/4818/information-ab...
Wondering how many of those certs from GlobalSign, GoDaddy, GeoTrust, etc. are 4 & 5 year certs purchased prior to any announcement? As you noted CA's like to push multi-year certs.
While you can usually reissue/re-key your cert free of charge with CA's, a lot of companies are probably hesitant to make sudden moves to SHA2 when there are compatibility concerns. Many on legacy systems like Server 2003 cannot update to SHA2. As I mentioned in another comment the hotfixes only bring Server 2003 SHA2 support up to the same level as XP SP3. (Only compatible as a client, not as a server).
Also Microsoft's fastest approaching SHA2 deadline is January 2016 for CodeSigning yet Windows Vista & 7 don't support SHA2 signatures on kernel drivers. Not sure if that's been patched yet, but it would seem Microsoft isn't fully prepared to support their own policies either at the time of their own announcement.