I don't understand why I have two trusted paths and why the StartCom Certification Authority certificate of the Path #1 is weak (= SHA1) and what is the solution to solve this. Thanks in advance.
All StartCom certificates chain to SHA1 and SHA2 roots, this is by design.
If you are interested, I have seen GoDaddy and GeoTrust chains without weak roots and cross-signing.
Retrieving data ...