Chrome 57 blocking all Google sites due to SHA1 policy
Chrome 57 - preventing all Google sites from opening due to sha1 certificate issue.
On my machine running Chrome 57, Linux Ubuntu 14.04 64-bit, when I open any Google site the cert chain used is the following (detected using a packet analytics tool).
/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
C=US, O=Google Inc, CN=Google Internet Authority G2
/C=US/O=Google Inc/CN=Google Internet Authority G2
C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
C=US, O=Equifax, OU=Equifax Secure Certificate Authority
You can see that the last cert in the chain, issued by Equifax to GeoTrust, uses sha1; I suppose that is the reason for the block.
On a colleague's machine GeoTrust is treated as the root and not Equifax, and hence he is able to go online.
I also tried the following.
1. Tried setting EnableSha1ForLocalAnchors = true and restarting the Chrome processes and machine but no luck.
2. Tried importing the GeoTrust as the root CA; failed because it already exists.
Any ideas how I can resolve this?
- The *.google.com certificate is rooted by GeoTrust Global CA. If you show otherwise, perhaps you have some bad certs cached? Try clearing all your cert caches.
- If visiting secure HTTPS websites on Linux Chrome produces error ERR_CERT_WEAK_SIGNATURE_ALGORITHM, please check if the fix that works on Debian also solves the problem for you: https://productforums.google.com/d/msg/chrome/oG8tEdIfYuA/aH1s9STYBgAJ
  # apt-get install libnss3-1d
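Added example, not part of the original thread: a small Python model of the two outcomes described in the question (Equifax treated as the root versus GeoTrust treated as the root), using the subject/issuer lines posted there. The signature algorithms of the first two certificates are assumptions, since the post only states that the last certificate uses sha1, and all function names are hypothetical.

```python
import re

# Subject/issuer line pairs copied from the question (input for this model).
SERVED_CHAIN = """\
/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
C=US, O=Google Inc, CN=Google Internet Authority G2
/C=US/O=Google Inc/CN=Google Internet Authority G2
C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
C=US, O=Equifax, OU=Equifax Secure Certificate Authority
"""
# Only the last algorithm is stated in the post; the first two are assumptions.
SIG_ALGS = ["sha256WithRSAEncryption", "sha256WithRSAEncryption", "sha1WithRSAEncryption"]

def parse_dn(text):
    """Normalize '/C=US/O=x' and 'C=US, O=x' into the same tuple of (key, value)."""
    text = text.strip()
    parts = text.split("/")[1:] if text.startswith("/") else re.split(r",\s*(?=[A-Za-z]+=)", text)
    return tuple(tuple(p.strip().split("=", 1)) for p in parts)

def load_chain(text, sig_algs):
    """Pair each subject line with the issuer line that follows it."""
    lines = [l for l in text.splitlines() if l.strip()]
    pairs = zip(lines[0::2], lines[1::2], sig_algs)
    return [{"subject": parse_dn(s), "issuer": parse_dn(i), "sig_alg": a} for s, i, a in pairs]

def checked_certs(chain, root):
    """Certificates whose signatures are verified when `root` is the trust anchor.
    The walk stops at the first certificate issued by the anchor: the anchor is
    trusted by being in the store, and anything served beyond it is not evaluated.
    """
    path = []
    for cert in chain:
        path.append(cert)
        if cert["issuer"] == root:
            return path
    raise ValueError("served chain does not reach the given root")

def weak_signatures(chain, root):
    """CNs of certificates in the evaluated path that carry a SHA-1 signature."""
    return [dict(c["subject"])["CN"] for c in checked_certs(chain, root)
            if c["sig_alg"].lower().startswith("sha1")]

CHAIN = load_chain(SERVED_CHAIN, SIG_ALGS)
GEOTRUST = parse_dn("C=US, O=GeoTrust Inc., CN=GeoTrust Global CA")
EQUIFAX = parse_dn("C=US, O=Equifax, OU=Equifax Secure Certificate Authority")

if __name__ == "__main__":
    print("root = Equifax :", weak_signatures(CHAIN, EQUIFAX))
    print("root = GeoTrust:", weak_signatures(CHAIN, GEOTRUST))
```

With Equifax as the root, the sha1-signed GeoTrust cross-certificate is part of the evaluated path; with GeoTrust as the root, the path ends one certificate earlier and that signature is never checked.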