10-02-2023 01:12 PM
Hi, just curious if anyone else has run into this. Suddenly some Cisco devices are not accessible via Chrome (version 117 if that matters). These were accessible last week and the same sites/servers are not. They are fine in Firefox and Edge.
Error message is below. The certificate for the servers in question are expired, but they've been expired for months. Just wondering if something changed within Chrome? I've tried clearing cache and cookies with no luck.
This site can’t provide a secure connection
Website name sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR
Solved! Go to Solution.
11-05-2023 01:30 AM
could you please try as below,
go to chrome://flags/#use-sha1-server-handshakes and enable 'Allow SHA-1 server signatures in TLS' parameter.
Hope this will work.
10-02-2023 01:26 PM
I believe that Chrome internally "times out" when you accept an invalid cert and you have to reaccept it. Typing "this is unsafe" will allow you to then add the cert to your trust, again temporarily.
david
10-03-2023 05:11 AM - edited 10-03-2023 05:26 AM
Thank you, but no luck. I searched and it seems like if you typed (in older versions) "badidea" it would work, or in newer versions "thisisunsafe" (no spaces), but it doesn't do anything when I tried it just now. Some of the other settings recommended online like go to chrome://flags/#enable-quic and disable it didn't do it either. Thankfully Edge and Firefox still work but frustrating.
EDIT: I found a machine that had Chrome 116, and no issue. When it upgraded to 117, same error. So seems to be something about 117 that has changed, in case it helps anyone else out.
10-03-2023 08:07 AM
Any chance you can test this on non-Cisco UI? I'm curious if this is a Chrome thing or a Chrome and Cisco thing.
david
10-03-2023 11:52 AM
Hi, I thought the same thing, do you know of a site that has (for instance), an expired certificate visible from the internet and I can try and hit it with Chrome vs. say Edge?
10-03-2023 12:24 PM
10-05-2023 09:10 AM
Following..
10-05-2023 10:11 AM
I had a problem accessing the WebIU of my CISCO switch using Chrome recently, but the symptoms were different. It wasn't a SSL issue for sure. To fix that problem, I ended up completely removing Chrome and installing it again from scratch. That could've been a problem in Chrome itself or its add-ons. I can't tell.
10-05-2023 06:31 PM
I tried Chrome from another desktop from same organization and same result. Version 116 worked, but when it was upgraded to version 117, no dice.
11-05-2023 01:30 AM
could you please try as below,
go to chrome://flags/#use-sha1-server-handshakes and enable 'Allow SHA-1 server signatures in TLS' parameter.
Hope this will work.
11-06-2023 05:09 AM
Thank you @Muhammed Ashiq , this did the trick. Did you find this anywhere, like in defect?
11-06-2023 06:33 AM
We had faced similar for CUIC and other custom webservers. This was a workaround suggested by System Team. More over if you upgrade the edge to Version 119, you will get the same error.
For CUIC (v11.6) we regenerated all the Certificates through cmplatform and restarted the whole server.
I didn't get the clear root cause but after chrome upgrade it is not taking SHA-1 certificates.
Thanks,
Ashiq Mattil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide