Fix: NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM in Google Chrome

Does your website display an error?

Is this warning “NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM” message a new one that you have come across?

If yes, this article is specifically meant for you. Don’t stress yourself by thinking as to how this error occurs or how to fix the same. I’ve got you covered.

So, before you resort to troubleshooting to fix the error, check out whether this error is from your end or it’s from the network-side or server-side.

To know the answer, it’s essential to know what causes the NET::Err_Cert_Weak_Signature_Algorithm error.

What is the “NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM” Error in Google Chrome?

There are ample reasons which cause SSL certificate warnings. They are:

Expiry of SSL certificate
Improper Configuration of SSL certificate
SSL certificate issuance is from a non-trustworthy source, making it difficult for the browser to acknowledge the same.

The NET::Err_Cert_Weak_Signature_Algorithm warning is linked with an outdated signature hashing algorithm. For example, suppose you are a site visitor, and your Chrome browser shows this error while you are visiting a site. In that case, it means that your visited website has an SSL (Secure Socket Layer) certificate installed but supports an outdated signature algorithm.

Signature Algorithm (part of cipher suite) are groups of algorithms that safeguard your connections with encryption security. Weak algorithms in the cipher suite are the main reason why Chrome shows this error.

Hence, the browser usually displays this error when the SSL certificate is issued with the outdated SHA-1 algorithm.

About the Outdated Hashing Algorithm (SHA-1) Issue:

As stated, previously the SHA-1 hash algorithm was used to encrypt communications. The same was already deplored in 2015. But, Research by CWI and Google unveiled the collision attack on SHA-1, proving that SHA-1 (having a 160-bit signature key) was not secure and migration to a safer algorithm should take place quickly for the security of electronic communications.

This announcement led to the non-recognition of the SHA-1 algorithm amongst popular browsers. As a result, they started displaying this error for sites using SSL certificates having this outdated signature hashing algorithm.

In 2017, the US National Security Agency (NSA), in collaboration with the National Institute of Science and Technology (NIST), created an upgraded version of SHA-1, named SHA-2.

This cryptographic algorithm is an advanced version of SHA-1 and is used in varied security certificates to shield the web world. The 256-bit signature key used by SHA-2 provides superior security to site data, thus becoming the standard hashing algorithm to date.

So, sites using the SHA-1 algorithm have to replace their digital security with the SHA-2 algorithm. However, suppose the site owner has not replaced the certificate or has not bought a new SSL certificate (having the upgraded SHA-2 algorithm) from the CA (Certificate Authority). In that case, the browsers are bound to show the error mentioned above.

How to Check Whether the Issue is from your End or Not?

If you are a site visitor, one of the options is to view the site from another device, which has a similar network. If the problem is still unresolved, then open the site from another network. This will help in deciding whether it’s a server problem or the network is to blame.

If the error is eliminated when another network is used, it’s a network issue, whereas if the error exists irrespective of network change, it’s a server issue.

If such a situation arises, the best solution is to inform the site owner regarding the same.

How to Fix NET::ERR_CERT_WEAK_SIGNATURE ALGORITHM Error in Google Chrome (For Website Owners):

Errors distract your site visitors and affect your network traffic. The main root of the above error is an outdated hashing algorithm, and hence the same needs to be fixed for the smooth functioning of the site.

This is a grave error since SSL security certificates use hashing algorithms for encryption and decryption of data, i.e., the browser-server data communications are secured with these hashing algorithms. They are the soul of SSL certificates, and if this security is outdated, your web security is a considerable risk.

This error can be resolved by purchasing and installing an SSL certificate having the updated hashing algorithm. So, check the current algorithm of your SSL certificate (ascertain whether it’s using SHA-1 or SHA-2). If your SSL certificate still supports the old SHA-1 version, you must purchase a new SSL certificate with the latest hashing algorithm (SHA-2) and encryption security.
Sometimes it may happen that through your SSL certificate supports the SHA-2 algorithm, the error is displayed. In such cases, your web server may be the cause because it is not supporting the latest SSL technical securities. It is recommended to check the same with your server team and resolve the issue to fix the error.

More Checking Options:

Ensure that your computer’s date and time are set correctly.
Get rid of all Chrome extensions to fix errors.
Do a malware check and install software like Malwarebytes to secure the website.

How to Fix NET::ERR_CERT_WEAK_SIGNATURE ALGORITHM Error in Google Chrome (For Website Visitors):

Usually, the web administrator resolves this error by upgrading the hashing algorithm (installing a new SSL certificate) and checking server configuration settings.

But, in some cases, the browser may be the offender. So, the web visitor needs to try out a few solutions for resolving the error. So, let’s check them out.

Update Chrome Browser:

Go to the Chrome address bar and type chrome://settings/help. This will automatically update Chrome. Later click “Relaunch”.

Get Rid of Chrome’s Cache Memory:

Many times, though the SSL certificate may be updated with the SHA-2 algorithm, some previous browser cache may tend to cause the error.

Open Chrome.
Click the 3 dots in the right-hand corner.
Go to Settings > Click “Advanced” > Click “Privacy & Security” > Clear Browsing Data.

Tick all the 3 options to clear all the browsing data.
Later select “Clear Data” and restart your browser.
Check if the error is resolved or not. If not, move to the next solution.

Reset Chrome to Default Settings:

Click on the 3 dots on the right-hand corner, open your browser and go to Settings > Click on “Advanced”.
In the “Reset and Clean up” option, click “Reset settings to their original defaults”.
Later click the “Reset Setting” button.
Restart your browser.

Clear DNS Cache:

Open Chrome > Type chrome://net-internals/#dns in the address bar.
Later click the “Clear-Host Cache button”.

All DNS issues will be settled with this solution.

Disable Chrome Extensions:

Before disabling your browser extensions, try to open the site in incognito mode to check if the error exists or not. If the error is not displayed, then browser extensions may be the cause for the same.

Click on the vertical dots and go to the “More Tools” option.
Click on “Extensions” and disable all the extensions.
Check if the error is eliminated or not.

Turn Off Anti-Virus/Firewall (not recommended):

This option is not recommended since it may be a risky move. It may expose your site to cyber-criminals. These anti-viruses software secure your computer by filtering websites.

The anti-virus software or the firewall may interfere and prevent site display, thus showing the SSL error warning. So for once, you can disable these securities temporarily and visit your desired website.

Post-site visits, don’t forget to enable them to prevent intrusions.

Ignore the Error (not recommended):

If the above options don’t resolve your error, then it means that the error needs to be resolved by the website owner. But, if you still wish to visit the website, click “Advanced” in the bottom-right corner of the error page > Proceed to xyz.site.com(unsafe).

I would personally recommend:

Never share any sensitive details (bank account details, card details, PIN, etc.) on such sites.
Never make any financial transactions on such sites.
Refrain from giving any personally identifiable information (PII) like DOB, email-id, mobile number, physical location, etc.

Since such sites use weak algorithms and are not secured, your data can be stolen and misused by hackers.

Ignore Certificate Errors from Chrome Properties:

Right-click on Chrome > Go to Properties > Shortcut.
In the Target field, write “ignore-certificate-errors” after the \chrome.exe.
Later, click Apply and OK.
Restart your browser and check if the error is fixed or not.

Clear SSL State:

In the Control Panel menu > Go to Network and Internet > Internet Options > Content.
Click the “Clear SSL State” option and press OK.

Check your Software:

If this SSL warning is displayed on all sites you are visiting; your software may be compromised. Check your software by clicking on the error message.

Once the details are expanded, check out the Issuer’s name. That’s the culprit, so fix it for error resolve.

Final Words:

When the SHA-1 algorithm is in use, not only Google Chrome but other popular browsers like Internet Explorer, Mozilla Firefox, and Microsoft Edge will also display the above-stated error.

Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error by trying the solutions mentioned above, but first and foremost, go for a new SSL certificate that supports the latest SHA-2 algorithm and makes your site error-free.