/chrome/community?hl=en
/chrome/community?hl=en
1/31/17
Original Poster
Misha Dobrovolskyy

chtome 56 sha1 problem

Good morning,

I got updated to chrome56 and it looks like chrome stopped to process any SHA1 signed certificates, but funny thing is that they block them self. Now, I can't access any google resource (only via FF).

I'm using Linux Mate. Also, Google -> HTTPS -> Servers Certificatesshows that mail.google.com untrusted, no way to remove.

Any help pls?

Update #1:
OK, looks like we have GeoTrust Global CA in chain which is sha1 certificate. That might cause a problem, but why google pushed release for the browser if their issuer doesn't do sha256? How to "fix" it now?

Update #2: Same issue for facebook (DigiCert uses sha1 signed), Looks like lot of things were broken by this update.
Community content may not be verified or up-to-date. Learn more.
Recommended Answer
Was this answer helpful?
How can we improve it?
All Replies (21)
florian.becker.ad
1/31/17
florian.becker.ad
I am having the same issue,

all Google Services fail with NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

Debian Jessie: Version 56.0.2924.76 (64-bit)
Cat-Friend
1/31/17
Cat-Friend
Hello Misha

Many thanks for your message. Yes, you guess right, Chrome Version 56 stopped supporting SHA1:

I cannot reproduce the Error message for the Sites you listed (mail.google.com). Can you provide some more details? Did you try Chrome's Incognito mode? Maybe a extension is responsible for the Problem.

Please keep me posted.
Kind regards, Cat-Friend


1/31/17
Original Poster
Misha Dobrovolskyy
Hi,

I don't have lot of extensions, just few for work (like VNC etc), but I have tried to run with all of them disabled - same.

Incognito - same.

Issue, I think is, that google sites or facebook sites has ceritificate (DigiCert for facebook and GeoTrust for google) which are sha1 signed. And that's stops chrome to work. I don;t believe issue is chrome itself as it does block properly sha1, raiser google and facebook still have sha1 certificates and especially google with forcing chrome to not work with sha1.
Cat-Friend
1/31/17
Cat-Friend
Hello again

I'm on Linux here, too (Arch64). I can open all Sites you mentioned without problems. Both Sites (google, fb) are offering sha1- AND stronger algorithms. Please try the following:

1. Stop Chrome completely
2. Do: cd ~/.config/google-chrome/; mv Default Default_Backup
3. Now start Chrome again and check

After testing, copy Default_Backup over Default to recover your Settings.

Please keep me posted.
Kind regards, Cat-Friend

1/31/17
Original Poster
Misha Dobrovolskyy
Same, it still trigger that error and wont allow me to connect.

What is the version you are using?

P.. --ignore-certificate-errors works like  charm of course
15 MORE
b_randon
4/26/17
b_randon
Hey,

I'm a young kid and I'm very unsure and I don't know how to install specific things from these different sites being listed, could anyone give me a step by step instructional list to assist me with this? I'm having the same problems where any site I try to enter has the copied and pasted piece down below pop up. Is there anyone who could help me with this? Also, I'm on a Lenovo laptop with Windows 8.1, 64 bit.

'NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM'
 
This question is locked and replying has been disabled. Still have questions? Ask the Help Community.

Badges

Some community members might have badges that indicate their identity or level of participation in a community.

 
Google Employee — Google product team members and community managers
 
Community Specialist — Google partners who help ensure the quality of community content
 
Platinum Product Expert — Community members with advanced product knowledge who help other Google users and Product Experts
 
Gold Product Expert — Community members with in-depth product knowledge who help other Google users by answering questions
 
Silver Product Expert — Community members with intermediate product knowledge who help other Google users by answering questions
 
Product Expert Alumni — Former Product Experts who are no longer members of the program
Community content may not be verified or up-to-date. Learn more.

Levels

Member levels indicate a user's level of participation in a forum. The greater the participation, the higher the level. Everyone starts at level 1 and can rise to level 10. These activities can increase your level in a forum:

  • Post an answer.
  • Having your answer selected as the best answer.
  • Having your post rated as helpful.
  • Vote up a post.
  • Correctly mark a topic or post as abuse.

Having a post marked and removed as abuse will slow a user's advance in levels.

View profile in forum?

To view this member's profile, you need to leave the current Help page.

Report abuse in forum?

This comment originated in the Google Product Forum. To report abuse, you need to leave the current Help page.

Reply in forum?

This comment originated in the Google Product Forum. To reply, you need to leave the current Help page.