Table of Contents
2
Home » Wiki » How to Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error in Chrome

How to Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error in Chrome

by | SSL Errors

How to Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error in Chrome

What Does ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error Mean?

The NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM is a common error that users may encounter when trying to access certain websites using Google Chrome. This error indicates that the certificate presented by the website uses a weak signature algorithm that Chrome no longer trusts for security reasons. However, there are a few things you can try to resolve this error and access the website again.

Understanding NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error

When you try to access a secure website, your browser validates the website’s security certificate to ensure the connection is encrypted. Part of this validation process involves checking the signature algorithm used to sign the certificate.

In recent years, security researchers have identified vulnerabilities in some older signature algorithms like SHA-1. As a result, browser vendors like Google have started distrusting certificates signed with weak algorithms.

Starting with Chrome 56, Google Chrome completely blocks SHA-1 certificates. If a website presents a certificate signed with SHA-1 or any other weak hash algorithm, Chrome will block the connection and show the NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM error to prevent any security issues.

Also Read: How to Fix NET::ERR_CERT_COMMON_NAME_INVALID Chrome Error?

Why You Get NET:ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error

There are a few reasons why you may be getting the NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error in Chrome:

The website certificate is signed with SHA-1 or another weak algorithm – Most commonly, you’ll get this error because the website certificate uses the outdated SHA-1 hashing algorithm. Chrome requires certificates to use a more secure algorithm like SHA-256.

The website certificate has expired – Along with weak signature algorithms, an expired certificate can also trigger this error in Chrome. Check the certificate validity dates.

Connection interception – In some cases, security software or network monitoring tools can intercept the connection, presenting their own certificate instead. These interception certificates often use weak algorithms.

Site misconfiguration – The website may be misconfigured and presenting the wrong certificate for the domain. This is rare but can result in a cert error like this.

So, in most cases, the underlying cause is that the website needs to renew their certificates and switch to more secure algorithms like SHA-256.

Step-by-Step Guide to Fix NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM

Here are some troubleshooting steps you can try to resolve the NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error in Chrome:

1. Clear Browsing Data

The first step is to clear your Chrome browsing data. This will wipe any cached certificate data that may be causing issues:

  • Open Google Chrome and click on the 3 vertical dots in the top-right corner to open the menu
  • Select Settings from the menu
  • In the Settings screen, scroll down and click on Advanced
  • Under Privacy and Security, click on Clear browsing data
  • Select the time range as All time
  • Check the boxes for Cookies, Cache and Hosted app data
  • Click Clear data

Once cleared, try loading the website again and see if the error persists. Clearing browsing data often resolves transient certificate errors.

2. Make Sure Chrome is Up-To-Date

Outdated browser versions may not recognize newer certificates with improved security standards. Ensure you’re running the latest version of Chrome:

  • Click on the 3 vertical dots again and select Help > About Google Chrome
  • Chrome will automatically check for updates and install the newest version
  • Restart Chrome after the update completes
  • Try accessing the site again to see if the cert error is resolved

Keeping Chrome updated ensures compatibility with newer certificate algorithms and fixes any potential bugs.

3. Temporarily Enable Weak Ciphers

If the site certificate is signed using SHA-1 or another weak hash, you may be able to temporarily bypass the error by enabling insecure cipher suites:

  • Type chrome://flags in the address bar and press Enter
  • Search for the flag “Temporarily enable outdated TLS 1.0 and TLS 1.1 protocols” and enable it
  • Restart Chrome for this change to take effect

Warning: Enabling weak ciphers compromises security and should only be used as a temporary workaround. Disable the flags after accessing the necessary site.

4. Use the chrome://net-internals Tool

Chrome has an advanced networking tool that provides detailed certificate information. Using it can help diagnose the problem:

  • Type chrome://net-internals in the address bar and press Enter
  • Click on the https section listed under NETWORK LOGGING
  • Go to Events View and filter for certificates
  • Try reloading the site that causes the error

This will log all certificate events, including the reason for any errors. The technical details can help determine if the problem is a weak algorithm, expired cert, or misconfiguration.

5. Temporary Disable Security Software

Antivirus software and firewalls sometimes intercept secure connections, presenting their own certificate. You may be able to bypass the problem by temporarily disabling any security apps and trying again.

If the site now works, try reinstalling the security apps one by one to identify which one was causing the interception. You can then configure it to avoid interfering with your browser certificates.

This will help determine if there is something intercepting the connection and causing the invalid certificate error.

6. Try in Incognito Mode

Launching Chrome in incognito mode starts the browser without any extensions or customizations. Try accessing the problematic site in incognito mode:

  • Open Chrome and click on the 3 vertical dots in the top-right corner
  • Select New Incognito Window
  • Visit the website that was showing the certificate error

If the site now works, then one of your Chrome extensions is likely the issue. Follow these steps:

  • Open Chrome normally and go to Settings
  • Click Extensions from the left menu
  • Disable all extensions one by one to identify any causing certificate problems

You can also try using Incognito mode with extensions enabled to test each one

7. Try Disabling Chrome Flags

Chrome flags are experimental features that could sometimes trigger issues with certificates and security. Try launching Chrome with all flags disabled:

  • Close all Chrome windows
  • Open Command Prompt/Terminal
  • Enter: chrome.exe –disable-features=ChromeUA
  • This will start Chrome with all flags turned off
  • Visit the problematic site to see if the error persists

If the site now works, restart Chrome normally and disable any recent custom flags you may have enabled in chrome://flags.

Also Read: How to Fix NET::ERR_CERT_DATE_INVALID Error in Chrome

8. Clear OS Certificate Store

As a last resort, you can try clearing all cached SSL certificates from your operating system certificate store:

On Windows

  • Go to Start and type “Manage computer certificates”
  • Open the result and go to Trusted Root Certification Authorities > Certificates
  • Select all certificates and delete them

On Mac

  • Open Keychain Access
  • Go to the System keychain and delete all certificates

On Linux

  • Open certmgr and delete all certificates in the Trusted Certificates tab

Warning: This will delete ALL your stored SSL certificates and can cause problems with other secure sites if not done properly. Only attempt this as a final troubleshooting step.

After clearing the certificates, restart your browser and system. Any deleted certificates will be reacquired as you visit secure websites. Hopefully this resolves any caching problems that may be triggering the signature algorithm error.

How to Prevent NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error?

While the steps above can help fix the NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error, here are some tips to avoid encountering it in the future:

  • Keep your browser and operating system updated at all times – this ensures support for newer certificate standards
  • Don’t change any advanced browser settings like flags unless you understand the impact
  • Use trusted security software and firewalls – improperly configured tools can sometimes interfere with certificates
  • Use sites over HTTPS wherever possible – HTTP sites are more vulnerable to security issues like weak certs
  • Clear your browser cache and cookies periodically – this removes any stale certificate data
  • If owning the problematic site, replace SHA-1 SSL certs with SHA-256 ones to resolve the issue for all visitors

Conclusion

The NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error essentially means the affected site’s security certificate is using older, insecure algorithms that Chrome no longer trusts. While the exact cause can vary, the problem lies with the site configuration and not your browser.

 There are several troubleshooting methods you can try like updating Chrome, clearing cached data, using Incognito mode, disabling extensions, and modifying security tools. However, the website owner ultimately needs to renew their certificate with stronger algorithms like SHA-256.

Related Articles:

Fix ERR_CONNECTION_TIMED_OUT ErrorFix ERR_CONNECTION_TIMED_OUT Error How to Fix PR_END_OF_FILE_ERROR in FirefoxHow to Fix PR_END_OF_FILE_ERROR in Firefox? Fix HTTP 304 Not Modified Status CodeHow to Fix HTTP 304 Not Modified Status Code?