A Layman’s resource manual to Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error In Google Chrome
Do you see the ERR_CERT_WEAK_SIGNATURE_ALGORITHM error on your favorite website? Are you curious to know what causes it and how you can fix it? If so, you are in the right place because we shall now discuss everything there is to know about this rare SSL error. Before we get started, we must admit that this is a server-side SSL error that seldom occurs due to a glitch in the user’s system. In other words, it is one of those rare issues that internet users can only attempt to resolve. With that said, let us now figure out what this SSL error is and why it shows up.
Understanding the ERR_CERT_WEAK_SIGNATURE_ALGORITHM error
The ERR_CERT_WEAK_SIGNATURE_ALGORITHM error shows that the SSL Certificate’s signature hashing algorithm is outdated. Often, websites running on the SHA-1 algorithm show this error across most leading browsers, including Chrome. Suppose you don’t know what the signature algorithm means. In that case, you must know that SSL certificates make use of cryptography to secure client-server communication, and that’s made possible through a cryptographic suite.
This suite includes many algorithms that work together to encrypt the data and prevent sniffers from intercepting it. Even if they somehow managed to intercept it, they would not make sense of the encrypted data, as they would not have the private key. However, this security level is not available when any algorithm in the suite is weak, and so you see the warning message.
Therefore, to protect users from being exposed to various forms of cyberattacks such as packet sniffing, man-in-the-middle, etc. Google Chrome shows this SSL error. So, don’t blame your browser for showing up the ERR_CERT_WEAK_SIGNATURE_ALGORITHM error. This is done only to protect your data, which may otherwise be intercepted by cybercriminals.
Technicalities of the Weak Signature Error
The ERR_CERT_WEAK_SIGNATURE_ALGORITHM error occurs when the website owner uses the SHA-1 hashing algorithm. In 2017, two decades after it was first released, the SHA-1 was proven insecure by Google and some Dutch technologists. Since it had a 160-bit signature key, it posed numerous security threats, which those experts demonstrated.
Soon after, many leading platforms, including the Google Chrome Browser, began shooting out this SSL warning whenever a user tried to access a website with an SSL certificate that used the SHA-1 signature hashing algorithm. Although Google released the SHA-1 collision document in 2017, Chrome browser’s developers had begun phasing out using the SHA-1 since 2014. After that, the SHA-2 became the standard hashing algorithm, consisting of a 256-bit signature that offers superior security.
Steps to Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error on Google Chrome (For Website Visitors)
In case the error does go away when you connect to a different network from the same device, the issue is with the network, but if the issue persists irrespective of the number of devices and networks changed, that means that the error is because of an issue on the server-side. Usually, this SSL error appears when the website uses an SSL with a weak signature algorithm — something that the website owner must fix. Occasionally, this may happen due to a misconfiguration on your system. In other cases, there may be issues with your browser or operating system, which may be causing the error to occur. In that case, you may want to try the below-mentioned fixes.
Dealing with antivirus and related services
One possible cause of the error is interference caused by antivirus software present on your computer. In this case, the best option would be to find an option that allows you to filter certain web services. Any option that deals with the internet protection aspect can be of help. In the worst case, you can also try to disable the antivirus and restart your computer and try re-accessing the website.
Fix the Date and Time
Incorrect date and time result in many SSL errors that show up in the Chrome browser. So, whenever you encounter one, start by correcting your date and time. You can do that by following the steps mentioned below.
Correcting Date and Time on Windows PC
- Press the Windows Key and navigate to the Control Panel.
- Select the ‘Clock and Region’ Option.
- Now click on the ‘Set Date and Time’ option.
- Choose the ‘Internet Time’ tab.
- Set automatic date and time.
Correcting Date and Time on Mac PC
- Click on the Apple Menu.
- Now find ‘System Preferences’ and click on it.
- Select the ‘Date and Time’ tab.
- You will now see ‘Set Date and Time automatically,’ click on the checkbox next to it.
The good thing about setting an automatic date and time by syncing your system’s setting with that of an internet server is that you’ll never have to bother about correcting it again.
Update your Chrome Browser.
An older version of Chrome can cause many errors, and one of those could be the ERR_CERT_WEAK_SIGNATURE_ALGORITHM error. So, update your browser and relaunch it to see if that can fix it for you.
To update your Chrome browser
- Connect to the Internet.
- Open your Chrome Browser.
- In the URL box, type ‘chrome://settings/help’
- hit enter.
This works on both Windows and Mac operating systems.
Resetting Faulty network settings
If you have identified your network as the root cause of the issue, it is best to reset it. Incorrect network settings can be causing the error, so if you have an administrator account, press Windows + S to bring up the search bar, type in “cmd,” right-click on the application, and then select the option “run as administrator.”
In the command prompt that comes up, type the following:
- ipconfig / flushdns
- ipconfig / renew
- ipconfig / registerdns
- nbtstat -r
- netsh int ip reset
- netsh winsock reset
After which, you can reset your computer to see if your issue gets solved.
Getting rid of SSL cache
Web browsers are designed to deliver a superior user experience, which is done by speeding up website access without any compromise on security. So, most browsers cache the SSL certificates to speed things up, but this could sometimes create issues. In such cases, you can try resolving that by following these steps.
- Press the Windows+R key to open the Run Command.
- Type ‘inetcpl.cpl’ in the Run Command and hit enter.
- Click on the ‘Content’ tab.
- Now click on the ‘Clear SSL State’ option.
- Press OK.
Now relaunch your Chrome Browser and access the same website, which showed the weak signature algorithm error.
- Open your Chrome Browser
- Go to chrome://settings/
- Click on ‘privacy and security.’
- Click on the ‘Clear browsing data’ option.
- Set the time range to ‘All time.’
- Check appropriate boxes. We recommend checking all three.
- Click on ‘Clear Data’ and let the process take place.
- Close the Chrome Browser. Reopen it and try accessing the same website.
Clear browser data
In case the issue is due to the browser, clearing browser data can resolve it. There may be faulty files acting as a root cause for the problem. Please note that clearing browser data also clears any browsing data, passwords, cache, etc., so back them up in case you wish to. Here is how you can do this for google chrome.
Go to the address bar, and type “chrome://settings” and press enter to open browser settings.
Under the “Privacy & Security” section, click on the button named “clear browsing data.”
Select items to be cleared and choose “all-time“ from the drop-down menu.
End all applications using the task manager and then restart your browser to check if the issue has been resolved.
Go ahead with caution.
This is a risky solution, so be entirely sure of the website’s credibility before going for this option as it may lead to a security breach of the computer. In case you are entirely sure, you can by-pass the warning given to proceed to visit the website. To do this, click on the website to be visited and click on the error message’s advanced button. Click on “proceed to example.com” This will redirect you to the website so that it can be accessed without any issues.
Steps to Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error on Google Chrome (For Website Owners)
The error in the discussion can easily contribute to lesser footfall on your website. Hence it is essential to know how to fix it. Let us jump right into this issue.
From a website owner or website administrator’s perspective, this issue can be caused by an incorrect or flawed web server configuration or an outdated signature on the SSL certificate that the website owns.
Whichever the case might be, the onus lies in the hands of the owner/ administrator. So, here is how you should go about resolving the situation in both cases.
In case of an issue with the SSL certificate, it is due to an outdated hashing algorithm. So, in this case, the fix is pretty straightforward. It involves a re-issue of the SSL certificate using either an SHA-2 or SHA 256 algorithm for hashing. Most of the certification authorities and services dealing with SSL provide options for the same at the time of certificate order and purchase. The certification authorities may charge an additional amount in some situations, but some may also do it without any extra cost.
In case you don’t wish to go through the hassle of reissuing, buying a new SSL certificate altogether with an SHA- 256 or SHA-2 as per your preference is also an option that can be explored.
Right after a successful re-issue or purchase of the SSL certificate, the error will cease to exist.
There is a couple of other options that can be checked to ensure they aren’t contributing to the occurrence of this issue:
- Check the date and time of the computer and make sure it is set correctly.
- In case you are using Ubuntu, type “sudo apt-get install libnss3-1d.”
- Get rid of Chrome extensions. Too many extensions may also cause issues
The ERR_CERT_WEAK_SIGNATURE_ALGORITHM is not a very common error, but if you happen to face it, one of the above solutions will be able to help you. We would like to inform you that it’s not just the Chrome browser that shows up the ERR_CERT_WEAK_SIGNATURE_ALGORITHM error. You will experience it on almost all the leading browsers like Google Chrome, Internet Explorer, Microsoft Edge, and Mozilla Firefox. Even the infamous Tor Browser no longer supports the SHA-1 algorithm. Do consider both the visitor and the website owner’s side of the story and be sure to determine which side the problem lies, before getting into the solutions.