My merchant processing bank EVO (i use authorize as payment gateway) required us to run a scan and it failed.
So I entered our url and got this message after the scan. Eveything passed except for this issue which had "medium" PCI severity
SSL Certificate Signed Using Weak Hashing Algorithm (Known CA)
I'm Alex, with the Shopify team!
Sorry to hear that! PCI scans can from time to time return false positives for issues; they tend to be a slightly blunt instrument, and don't always take the design of individual systems into account when coming up with their results.
Shopify is certified Level 1 PCI DSS compliant - you can find us on lists for both Visa and Mastercard. In addition, I'd be happy to share our attestation of compliance documents with you - I'll reach out to you via email once this response has been posted. Just respond to me there and I'll pass those documents your way!
Hope that's helped! Please feel free to let me know, and you can always give us a call or start a live chat at any time. We're open 24/7 for your convenience and always happy to assist!
Alex | Shopify
Please contact me as I am having same problem. I contacted your support over chat, but they started blaming everyone else like authorize.net which gateway we are using. Some people that call themselves "guru" at your support have no really idea what they are talking about. It appears that you have helped already someone facing these PCI scan problems.