DEV Community

Cover image for How to Fix NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error
Jessica howe
Jessica howe

Posted on

How to Fix NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error

The NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error in Chrome is a seldom issue website visitors, and owners don’t want to come across. The error pops up when the website’s TLS/SSL certificate has an outdated signature algorithm. Note that the certificate is not at fault and has no issue with its installation. In this error, there is an issue with the signature algorithm cipher suite. The purpose of the signature algorithm is to facilitate the encryption function to secure the connection between the client and server.

Fixing this issue is important for website visitors to have a smooth browsing experience and get the information they need. For a website owner, fixing this issue is even more important as by not doing so, they will lose confidence in the website and lose potential customers. There are two ways to fix NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error in Google Chrome. The same method applies to other browsers as well, but this article will focus on fixing this error in Google Chrome only.

What is NET:: ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error in Chrome?
The NET:: ERR_CERT_WEAK_SIGNATURE_ALGORITHM error means there’s an anomaly in the SSL/TLS certificate’s hashing algorithm. SSL certificates use cryptographic signatures to secure communication between the client and server. For this purpose, the SSL/TLS certificates are secured with different hashing algorithms, including SHA-1, SHA-2, SHA-256, etc.

The NET:: ERR_CERT_WEAK_SIGNATURE_ALGORITHM issue pops up because the certificate is encrypted with the SHA-1 hashing standard. Browsers like Google Chrome show this error because the SHA-1 hashing algorithm can be easily hacked. Hence, Google Chrome warns the website visitors with a warning message. Due to the lack of effective cryptographic measures, website visitors are prone to packet sniffing and man-in-the-middle attacks.

So, whenever a website visitor comes across this error, it is important that they should not bypass the security warning and access the website nonetheless. The SHA-1 hashing algorithm has been rendered insecure by Google since 2017. This hashing algorithm has a 160-bit signature key and poses several security threats. Google started phasing out the SHA-1 hashing algorithm standard in 2014. It has been 8 years since this hashing algorithm became ineffective, and the websites still use this algorithm are not complying with the latest security standards.

Quick Steps to Fix NET:: ERR_CERT_WEAK_SIGNATURE_ALGORITHM on Google Chrome (For Website Users)
To fix NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error in Google Chrome, website visitors and owners can use different methods. Depending on who is fixing the problem, the correction methods are different.

1. As a Website Owner

Website owners need to work diligently on fixing the issue, and that too quickly. Not doing so will result in lower footfall on the website. There can be two causes for this error;

An incorrect web server configuration

Outdated signature on SSL certificate

Out of the two, outdated SSL certificates are the most prevalent issue. In consequence, the most common resolution is to get a new SSL certificate that has the latest SHA algorithm standard. At the time of reissuing the certificate, make sure to get one with SHA-2 or SHA-256 encryption hashing standard. This is going to make the certificate highly secure and deter any type of attack.

In case, getting a new certificate is more cost-efficient than reissuing the same old certificate. So, ensure that you explore both options before switching. The additional charges can come in the form of updating the SHA algorithm. But not all certificate providers will charge you extra.

As soon as you install the new SSL certificate, the issue will be resolved. However, at times the same issue can reprise, even after getting a new certificate. In that case, you can try the following options;

Check the computer’s date and time and set it in accordance with the current time and date.
For systems running on Ubuntu, type “sudo apt-get install libnss3-1d.”
At times, too many extensions on Google Chrome can also cause the NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error.

It must be noted that this is not a common error. If your website is being flagged with this error, start the resolution process immediately. However, at times, the issue can be on the user’s end and not from your end. In that case, you need to educate your users to follow the resolution steps from their end. Find out the things users can try to resolve the issue in the next section.

2. As a Website Visitor

For a website visitor, coming across this issue may not be a big deal; that is when they have other options to get the same information or service from another provider. However, at times, when the users need the service from the website they are trying to access, they can follow the following methods to resolve the issue.

Time and Date Adjustment

Incorrect time and date is a common and unforeseen errors that can cause hindrance in your browsing activities. At times, we may not even notice that the time and date on our system is incorrect. As a result of this anomaly, Google Chrome will show the error. To correct the time, go to the Control Panel in the system and adjust the date and time by selecting the right timezone.

Updating the Google Chrome Browser

Running an older version of the Google Chrome Browser can become a cause for several issues, including the NET ERR_CERT_WEAK_SIGNATURE_ALGORITHM error. To fix this issue, update the Google Chrome browser. On the Google Chrome browser, if it needs an update, you will get a notification and will see a symbol on the top right corner of the browser.

Update the browser and run it again. It should resolve the issue if an older version of the browser is the cause. If not, try implementing the next solution.

Correcting the Network Settings

An error or anomaly in the network settings can also be the reason for this issue. To fix it, you can correct or reset the network settings. The best response here is to set the network settings to its default values. If you try to edit the settings according to your wishes and take the trial and error approach, it won’t be easier to get the results. So, resetting them to default settings is ideal.

On your system, open command prompt and hit Ctrl+Shift+Enter. This will open the administrator window, and here, enter the following commands;

netsh int ip reset c:\resetlog.txt
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew

After this, restart the computer and open the same website on Google Chrome to check whether the issue has been resolved.

Clear the SSL Cache

In order to give the users a seamless user experience, web browsers save some information to increase the user’s browsing speed. As a result, the SSL cache saves the information but without compromising on the user’s security. The best option here is to clear the SSL cache. Follow the steps below for the same;

  • Open Command Prompt on your system.
  • Type inetcpl.cpl and hit enter.
  • From the dialog box that opens, click on Clear SSL State.
  • Wait for a second, and then press OK.

After doing this, relaunch the Google Chrome browser. In addition to clearing the SSL Cache, you can also clear the browser data. However, clearing the data here can also wipe off the saved passwords and other information. So, make sure to note down the passwords in another place before taking this step.

Top comments (0)