Mehmet Davut

Reputation: 667

SHA2 issue with SSL certificates in Chrome

My site on Google Chrome gets a warning about its SSL certificate. At first Chrome says:

The identity of this website has been verified by RapidSSL SHA256 CA - G3 but does not have public audit records.

But then I get a warning like this:

This site uses a weak security configuration (SHA-1 signatures), so your connection may not be private.

When I check my certificate with openssl from the command line, based on this question: https://stackoverflow.com/a/26685515/317648, I get an answer like this:

Signature Algorithm: sha256WithRSAEncryption

I am confused now: why does Chrome say it can be SHA1? What is the reason for that?

Upvotes: 1

Views: 2908

Answers (1)

mjsa

Reputation: 4399

Whilst the certificate itself is using SHA-256, the certificates upward in the chain are likely using SHA1. You will likely need to upgrade your certificate chain files to use a more up to date version of the certificates, so in order to do this you should be able to download a new intermediate certificate from your issuer.

You can find more information on this particular issue here: Why Chrome Thinks your SHA-2 Certificate Chain is "Affirmatively Insecure"

More information on why Google are sunsetting SHA1 is available here: Why Google is Hurrying the Web to Kill SHA-1.

Upvotes: 1
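The check the answer points to, as an added example that is not part of the original question or answer: it reads the signature algorithm of every certificate in a PEM bundle, not just the leaf, and reports which links are SHA-1. The function names and the throwaway demo chain are constructed for illustration; only standard `openssl` and `awk` are assumed.

```shell
#!/usr/bin/env bash
# Added example: list the signature algorithm of every certificate in a PEM
# bundle and pick out SHA-1 links. Function names here are hypothetical.

# chain_sigalgs BUNDLE -> "<n> TAB <sigalg> TAB <issued|self-signed> TAB <subject>"
chain_sigalgs() {
  local tmp n=1 f alg subj iss kind
  tmp=$(mktemp -d) || return 2
  # Split the bundle into one file per PEM certificate block.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
                   on { print > (d "/" n ".pem") }
                   /-----END CERTIFICATE-----/ { on = 0 }' "$1"
  while f="$tmp/$n.pem"; [ -f "$f" ]; do
    alg=$(openssl x509 -in "$f" -noout -text |
          awk '/Signature Algorithm:/ { print $3; exit }')
    subj=$(openssl x509 -in "$f" -noout -subject); subj=${subj#subject=}
    iss=$(openssl x509 -in "$f" -noout -issuer); iss=${iss#issuer=}
    kind=issued; [ "$subj" = "$iss" ] && kind=self-signed
    printf '%s\t%s\t%s\t%s\n' "$n" "$alg" "$kind" "$subj"
    n=$((n + 1))
  done
  rm -rf "$tmp"
}

# sha1_links BUNDLE -> only the rows signed with SHA-1 by another certificate.
# A self-signed root is skipped: it is trusted by being in the trust store,
# not because of its own signature.
sha1_links() {
  chain_sigalgs "$1" | awk -F'\t' '$3 == "issued" && tolower($2) ~ /sha1/'
}

# make_demo_chain DIR -> writes DIR/chain.pem, a constructed throwaway chain:
# SHA-256 leaf, SHA-1 intermediate, SHA-1 self-signed root.
make_demo_chain() {
  local d=$1
  {
    openssl req -x509 -newkey rsa:2048 -nodes -sha1 -days 1 \
      -subj "/CN=Demo Root" -keyout "$d/root.key" -out "$d/root.pem" &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
      -keyout "$d/int.key" -out "$d/int.csr" &&
    openssl x509 -req -in "$d/int.csr" -sha1 -days 1 -CA "$d/root.pem" \
      -CAkey "$d/root.key" -CAcreateserial -out "$d/int.pem" &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
      -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
    openssl x509 -req -in "$d/leaf.csr" -sha256 -days 1 -CA "$d/int.pem" \
      -CAkey "$d/int.key" -CAcreateserial -out "$d/leaf.pem"
  } >/dev/null 2>&1 || return 1
  cat "$d/leaf.pem" "$d/int.pem" "$d/root.pem" > "$d/chain.pem"
}
```

For a deployed site, the bundle can be the saved output of `openssl s_client -connect <host>:443 -showcerts`, which contains the chain exactly as the server sends it. On the demo chain, `sha1_links` returns only row 2, the intermediate, even though the leaf reports `sha256WithRSAEncryption`.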
