Grazie a tutti per le vostre risposte. Ho lasciato che la curiosità avesse la meglio su di me, e in realtà l'ho testata per me stesso (che stavo cercando di evitare in primo luogo). Spero che altri trovino utili questi risultati.
Come puoi vedere, ad eccezione di IE, Firefox e Chrome avvertiranno l'utilizzo di algoritmi di hashing deboli, ma ignorano completamente il problema delle chiavi a 1024 bit.
Tested July 3, 2017
Case 1: 1024bit key, MD5, no subjectAltName
-------------------------------------------------------
Firefox = Warning that cert is hashed with disabled algorithm (MD5)
Chrome = Warning that cert is missing subjectAltName
IE = no warning
Case 2: 1024bit key, MD5, subjectAltName same as subject CN
-------------------------------------------------------
Firefox = Warning that cert is hashed with disabled algorithm (MD5)
Chrome = Warning that cert is hashed with weak algorithm (MD5)
IE = no warning
Case 3: 1024bit key, SHA256, no subjectAltName
-------------------------------------------------------
Firefox = no warning
Chrome = Warning about certificate missing subjectAltName
IE = no warning
Case 4: 1024bit key, SHA256, subjectAltName same as subject CN
-------------------------------------------------------
Firefox = no warning
Chrome = no warning
IE = no warning
[1] Browser versions tested:
* Firefox 54.0.1
* Chrome 59.0.3071.115
* IE 11.0.9600.18698
[2] All tests performed on Windows 8.1 32-bit OS
[3] All server certificates signed by a self-signed Root CA,
with no Intermediate CA. Root CA certificate was installed
into the Windows certificate store using mmc.exe, and
Firefox using the Options GUI.