Best IT Recipes

Net :: ERR_INSECURE_RESPONSE in Chrome

I get the error :: ERR_INSECURE_RESPONSE in the Chrome console while retrieving some data from my API

This error usually results from an unsigned certificate; however this is not a problem because I have a valid and signed certificate.

The error does not always occur, and it disappears if I restart the Chrome browser. It also does not occur in any other browser (tested on Safari, Mozilla, Opera)

Any idea why this is happening? Is this just a browser error?

+47
google-chrome
May 20 '16 at 21:09
source share
6 answers

This happens when upgrading from Chrome 55 to Chrome 56 (56.0.2924.87).
This is an increase in security.

This does not disappear by restarting the browser, and this is not an error.

Mountain View says it hopes you will never come across a message because certification authorities should stop issuing SHA-1 certificates in 2016. Just in case, Google plans to continue issuing a warning until Chrome stops supporting SHA-1 on January 1, 2017. When this day arrives, a website that still uses the function will result in a fatal network error. (Source: Engadget.com )

If this happens, the most likely reason is that your (or website) SSL certificate uses SHA1.

SHA1 is corrupted, and SSL certificates using SHA1 are no longer protected (Chrome has now shown you this, now it blocks NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM ).

Another possible reason is that your SSL certificate has expired
In addition, you must disable backward compatibility with SSL2 and SSL3 ( Poodle Attack ).

You should use only TLS (SSL 3.1+).

To test the SSL domain certificate, you can use the SSL SSL test SSL .

To find out what the problem is: Open the Chrome Developer Console (CTRL + SHIFT + J OR F12) and go to the security tab

Security

Console

More details

For more information:
https://support.google.com/chrome/answer/95617?visit_id=1-636221396724527190-3454695657&p=ui_security_indicator&rd=1

FYI:

Over the course of a decade, SHA-1 has become weaker and more insecure now it is dangerous because we tend to trust websites with "https: //" in our URLs. Other browsers, such as Mozilla Firefox and Microsoft Edge, also plan to end support in encouraging website owners to secure SHA-2 certificates as soon as possible.

If you urgently need to get around this (you need to close all running instances of Chrome first - otherwise it will not work ):

 chrome --args --ignore-certificate-errors

Please note: do not do online banking or gmail with these command line options that are active in your Chrome instance.

+64
Feb 08 '17 at 8:40
source share
β€” -

I recently had a similar problem. I tried to access the https REST endpoint, which had a self-signed certificate. I got net::ERR_INSECURE_RESPONSE in the google chrome console. I searched a bit on the Internet to find this solution that worked for me:

  • Open a new tab in the same window in which you are trying to call an API call.
  • Go to the https URL that you are trying to access the software.
  • You should see a screen similar to this: enter image description here
  • Click Advanced> go to <url> and you will see the answer (if any)
  • Now try making an API call through a script.
+50
Apr 19 '17 at 10:47 on
source share

The disadvantage of an intermediate certificate may be a problem.

You can check https: // hostname with curl, openssl or a website like https://www.digicert.com/help/ .

I don’t know why Chrome (possibly) sometimes has problems verifying these certificates.

+1
Sep 07 '16 at 13:39
source share

I was getting this error on amazon.ca, meetup.com and the Symantec homepage.

I went to the update page in the Chrome browser (it was at 53. *) and checked the update, and it showed that there were no updates. After I asked about my office, it turns out that the latest version was 55, but somehow I got stuck at 53.

After the update (I had to manually download it from the Chrome website), the problems disappeared!

+1
Nov 09 '16 at 17:40
source share

For me, the answer to this question was available on StackOverflow:

ERR_INSECURE_RESPONSE caused by changing Fiddler root directory generation using CertEnroll for Windows 7 and later

Unfortunately, this change can cause problems for users who have previously trusted the Fiddler root certificate; the browser may display an error message, for example NET :: ERR_CERT_AUTHORITY_INVALID or the certificate was not issued by a trusted certificate authority.

(Quote from source )

I had the error ERR_CERT_AUTHORITY_INVALID in the browser and ERR_INSECURE_RESPONSE shown in the Chrome developer tools.

+1
Aug 23 '17 at 4:22 on
source share

You may have encountered this problem: net :: ERR_INSECURE_RESPONSE

You need to check the encryption algorithms supported by your server. For example, for apache, you can configure the cipher suite as follows: cipher suite .

What version of chrome are you using and which server serves your APIs?

0
May 30 '16 at 9:37
source share


More articles:


All Articles