Jirka1
Explorer II
November 2, 2018
Question

SSL Deep - Chrome - NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM


Hi,

In the month we will switch from 100D to 200E. The network is about 600 PCs, a bit rate of around 300 Mbps and 8,000-12,000 connections. In terms of auditing (OneDrive blocking, file transfer over Skype, etc.) and security, we want to implement SSL deep inspection. We run a Windows domain, so I tested a self-signed certificate using Web Enrollment Services http://kb.fortinet.com/kb...ateId=1%200%2052652981

The idea is that I would distribute this certificate to the stations using GPO - I'm primarily concerned about minimal manual intervention at the end stations. I was really surprised that IE, Edge, Thunderbird and Outlook have no problem with this and are working reliably. The problem is in Chrome: NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM because of SHA-1. How do you solve this problem?

Thanks

Jirka

2 replies

Elthon_Abreu
New Member
November 2, 2018

Hi Jirka,

I have solved that by limiting my Chrome to use TLS 1.2 and 1.1. I should try it.

Best regards.

Jirka1 (Author)
Explorer II
November 4, 2018

Hey Elthon,

TLS is enabled but it has no effect - see screenshot. Any other idea? So how do you effectively deploy and run deep SSL inspection in a corporate environment with a lot of computers? Thanks, Jirka

Jirka1 (Author)
Explorer II
November 5, 2018

azh wrote:

Hello,

You can update the CA certificate from SHA-1 to SHA-256 as in this video - https://www.youtube.com/watch?v=KSrkWmeUcXw

After that you can install the new CA certificate with SHA-256 via GPO to all your domain PCs.

Hope it helps ;)

zhunissov4,

you are a star! It works wonderfully! Thank you very much for your help.

 

Jirka