我的學習手記 A technical geek blog: Google Chrome cannot access any https:\\ website and the return error is "Your connection is not private" (NET:ERR_CERT_WEAK_SIGNATURE

Tuesday, April 4, 2017

Google Chrome cannot access any https:\\ website and the return error is "Your connection is not private" (NET:ERR_CERT_WEAK_SIGNATURE_ALGORITHM)

Problem:

Google Chrome cannot access any https:\\ website and the return error is "Your connection is not private" (NET:ERR_CERT_WEAK_SIGNATURE_ALGORITHM)

Affected Users:

Users who is new install Google Chrome v.56 or above (Existing user who have chrome installed and upgrade to v.56 or above did not affected)

Reason:

Proxy CA certificate still using SHA-1, it cause Google Chrome did not allow all https:\\ website access due to it remove support for SHA-1 certificate.

Workaround Solution:

Create a registry key:
EnableSha1ForLocalAnchors and Value = 1
Whether SHA-1 signed certificates issued by local trust anchors are allowed
Data type:
Boolean [Windows:REG_DWORD]
Windows registry location:
HKLM\Software\Policies\Google\Chrome\EnableSha1ForLocalAnchors

Remark:
When this setting is enabled, Google Chrome allows SHA-1 signed certificates as long as they successfully validate and chain to a locally-installed CA certificates.

Note that this policy depends on the operating system certificate verification stack allowing SHA-1 signatures. If an OS update changes the OS handling of SHA-1 certificates, this policy may no longer have effect. Further, this policy is intended as a temporary workaround to give enterprises more time to move away from SHA-1. This policy will be removed on or around January 1st 2019.

Issue fixed: