bm perumalla
asked on
chrome says SHA256 algorithm is weak even after i configure my website to use SHA256 certificate
Hello Experts,
In my project, I have to configure our web application to use HTTPS in IIS settings for serving client requests.
In the process, I created a root ca certificate from my CA server of type SHA256 and is distributed to all my client machines in the domain. Also,i created a webserver type domain certificate in CA server which is of type SHA256 and used it in SSL bindings in IIS.
When i access our website in chrome browser from one of our client machines, it says website is not not secure and throws warning that my website is using "ERR_WEAK_SIGNATURE_ALGORI THM". I don't want it to bypass it by clicking on advanced option. Instead i want google chrome to launch my webui directly using https://<mywebsite>.com/Suite.
Please let me know, what i was doing wrong here.
Regards,
Sriram
In my project, I have to configure our web application to use HTTPS in IIS settings for serving client requests.
In the process, I created a root ca certificate from my CA server of type SHA256 and is distributed to all my client machines in the domain. Also,i created a webserver type domain certificate in CA server which is of type SHA256 and used it in SSL bindings in IIS.
When i access our website in chrome browser from one of our client machines, it says website is not not secure and throws warning that my website is using "ERR_WEAK_SIGNATURE_ALGORI
Please let me know, what i was doing wrong here.
Regards,
Sriram
Chrome will do that if an intermediate certificate uses SHA1. From Chrome, take a look at each certificate in the chain. (or do the same with IE, it is easier)
ASKER
Hello Osborne,
Thanks for the reply. I don't have any intermediate certificate. All i have is one Enterprise Root CA which i created in the CA server (installed to create only SHA256 certificates). ROOT CA certificate is distributed to all clients with in the domain nightly. And for my website to use SSL settings (Require client certificate set in IIS) and https binding with 443, I created a domain certificate (WebServer Type template) assigned to *.mydomain.com. Even then, google chrome says WEAK SIGNATURE ALGORITHM. It opens in IE directly. But, I want it to open directly in chrome.
Your help is much Appreciated!!
Thanks,
Sriram
Thanks for the reply. I don't have any intermediate certificate. All i have is one Enterprise Root CA which i created in the CA server (installed to create only SHA256 certificates). ROOT CA certificate is distributed to all clients with in the domain nightly. And for my website to use SSL settings (Require client certificate set in IIS) and https binding with 443, I created a domain certificate (WebServer Type template) assigned to *.mydomain.com. Even then, google chrome says WEAK SIGNATURE ALGORITHM. It opens in IE directly. But, I want it to open directly in chrome.
Your help is much Appreciated!!
Thanks,
Sriram
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
aHatsoff btan for the solution. It surfaced my webserver OS level ssl error. system has only ssl 2.0 enabled. After enable TLS 1.2 and other best options using iiscrypto tool, chrome has opened my website in https mode.
Thanks a ton for help!!
I will become premium member with experts-exchange to get more access to the experts!!
Thanks a ton for help!!
I will become premium member with experts-exchange to get more access to the experts!!
Great to hear that. Glad to be of help.