Make sure certificates signed with SHA-1 are not accepted anymore in ESR 45
MOzilla released Firefox 43 which did not accept SHA-1 signed certificates anymore. However, this apparently broke some MITM boxes (https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/) and they released a point update reverting this change.
We don't want to have this security feature reverted and should make sure our ESR 45 based code is rejecting SHA-1 signed certificates as expected.