Disable SHA-1 for Enterprise Certs

net/data/ssl/certificates/README

 This directory contains various certificates for use with SSL-related
 unit tests.
 
 ===== Real-world certificates that need manual updating
 - google.binary.p7b
 - google.chain.pem
 - google.pem_cert.p7b
 - google.pem_pkcs7.p7b
 - google.pkcs7.p7b
 - google.single.der
@@ skipping 79 matching lines @@
 
 - unittest.selfsigned.der : A self-signed certificate generated using private
      key in unittest.key.bin. The common name is "unittest".
 
 - unittest.key.bin : private key stored unencrypted.
 
 - unittest.originbound.der: A test origin-bound certificate for
      https://www.google.com:443.
 - unittest.originbound.key.der: matching PrivateKeyInfo.
 
-- x509_verify_results.chain.pem : A simple certificate chain used to test that
-    the correctly ordered, filtered certificate chain is returned during
-    verification, regardless of the order in which the intermediate/root CA
-    certificates are provided.
-
 - test_mail_google_com.pem : A certificate signed by the test CA for
     "mail.google.com". Because it is signed by that CA instead of the true CA
     for that host, it will fail the
     TransportSecurityState::IsChainOfPublicKeysPermitted test. Format
     intentionally does not include diagnostic output.
 
 - multivalue_rdn.pem : A regression test for http://crbug.com/101009. A
      certificate with all of the AttributeTypeAndValues stored within a single
      RelativeDistinguishedName, rather than one AVA per RDN as normally seen.
 
@@ skipping 22 matching lines @@
 - quic_root.crt
      These certificates are used by the ProofVerifier's unit tests of QUIC.
 
 ===== From net/data/ssl/scripts/generate-test-certs.sh
 - expired_cert.pem
 - ok_cert.pem
 - root_ca_cert.pem
     These certificates are the common certificates used by the Python test
     server for simulating HTTPS connections.
 
+- intermediate_ca_cert.pem
+- ok_cert_by_intermediate.pem
+    These certificates simulate a more common chain of root (root_ca_cert.pem)
+    to intermediate (intermediate_ca_cert.pem) to leaf
+    (ok_cert_by_intermediate.pem).
+
 - wildcard_.pem
     A certificate and private key valid for *.example.org, used in various
     net unit tests.
 
 - name_constraint_bad.pem
 - name_constraint_good.pem
     Two certificates used to test the built-in ability to restrict a root to
     a particular namespace.
 
 - bad_validity.pem
@@ skipping 33 matching lines @@
    cannot validate the applicant controls that domain.
 
 - pre_june_2016.pem
 - post_june_2016.pem
    Certs to test that policies related to enforcing CT on Symantec are
    properly gated on the issuance date.
 
 - tls_feature_extension.pem
   A certificate that contains the TLS Feature Extension.
 
+- x509_verify_results.chain.pem : A simple certificate chain used to test that
+    the correctly ordered, filtered certificate chain is returned during
+    verification, regardless of the order in which the intermediate/root CA
+    certificates are provided.
+
 ===== From net/data/ssl/scripts/generate-weak-test-chains.sh
 - 2048-rsa-root.pem
 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
 - {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-ee-by-
       {768-rsa,1024-rsa,2048-rsa,prime256v1-ecdsa}-intermediate.pem
       Test certificates used to ensure that weak keys are detected and rejected
 
 ===== From net/data/ssl/scripts/generate-cross-signed-certs.sh
 - cross-signed-leaf.pem
 - cross-signed-root-md5.pem
@@ skipping 100 matching lines @@
      aia-cert.pem has a caIssuers that points to "aia-test.invalid" as the URL
      containing the intermediate, which can be served via a URLRequestFilter.
      aia-intermediate.der is stored in DER form for convenience, since that is
      the form expected of certificates discovered via AIA.
 
 ===== From net/data/ssl/scripts/generate-self-signed-certs.sh
  - self-signed-invalid-name.pem
  - self-signed-invalid-sig.pem
      Two "self-signed" certificates with mismatched names or an invalid
      signature, respectively.