Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED in Google Chrome

I've got a web site that uses SSL Client certificate authorization. All client certificates are generated using OpenSSL and are self-signed. Everything worked with all web-browsers, but the recommended one was Google Chrome, because it uses same SSL warehouse as IE, so certificate installation was pretty easy (click-click-password-done!). After last update of Google "Chrome 29.0.1547.57 m" noone can access my web-server, even me. Google chrome error only! IE and FF working fine. Error is: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. Same in server error log. Do you have any suggestions? The problem is that most part of clients are non familiar with PC's and they got very frightened about that situation. So phone support guys are under the wave of calls.

like image 224
Alexey Avatar asked Aug 22 '13 07:08

Alexey


People also ask

How do I update SSL certificate in Chrome?

On the chrome://settings page and click 'Privacy and Security' in the left-hand column. Then click 'Security' and scroll down to 'Manage Certificates'. Under the "Your Certificates" tab, click "Imports" to start the certification installation process.

How to fix SSL certificate error in Google Chrome?

1. Press Windows Key + R then type inetcpl.cpl and hit Enter to open Internet Properties. 2. Switch to the “ Content ” tab and click on the Clear SSL state button. 3. Close everything and reboot your PC to save changes. See if you’re able to fix SSL Certificate Error in Chrome, if not then continue to the next method.

How to fix err_bad_SSL_client_Auth_CERT chrome error?

The first method you can try to get rid of the ERR_BAD_SSL_CLIENT_AUTH_CERT Chrome error is to update Google Chrome. The Google Chrome browser has suffered many errors related to SSL certificates, but luckily, Google will always fix these issues as soon as they are reported.

How to fix err_SSL_client_Auth_signature_failed error in chrome?

If you’re using an older version of Chrome, that can trigger the ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED error. Typically, this is an issue with the version of TLS that Chrome is using. To rule out any issues here, make sure that you’re using the latest version of Chrome before connecting. 3. Reset Chrome

Why did my certificate-based authentication fail?

problem occur. Certificate-based authentication failed This server requires a certificate for authentication, and didn't accept the one sent by the browser. Your certificate may have expired, or the server may not trust its issuer.


2 Answers

I recently had a similar issue in Chrome on Mac OS. It worked fine with Firefox, but started failing in Chrome and Safari after changing my corporate (AD) credentials -- I guess the issue was a mismatch between system creds and the keychain creds.

The solution for me was a reset of the private key(s) access permissions in the Keychain Access app.

To do the reset:

  1. In Keychain Access app right-click each private key that fails and select "Get Info".
  2. Go to "Access Control" tab and set "Allow all applications to access this item" -- click on that option even if it's already set. Then click Save Changes.
  3. Refresh the website that fails and you should be prompted to enter keychain password -- enter it and select Allow Always.
like image 91
Ruslan Ulanov Avatar answered Sep 22 '22 17:09

Ruslan Ulanov


We are experiencing the same problem. As Sean has reported, it seems that Chrome on Windows XP negotiates TLSv1.2 even though the operating system does not support SHA-2 (say, SHA-256 or SHA-384) hash function.

We found that Chrome fails when it receives "client certificate request" following SERVER HELLO. SERVER HELLO itself negotiates RC4-SHA1 (in our environment) which should succeeds. The problematic packet seems the "client certificate request" that includes SHA-2 (as well as SHA1) functions for hashes.

Invoking Chrome with "--enable-logging --log-level=0" outputs the following message: ERROR:nss_ssl_util.cc(193)] ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: NSS error -12222, OS error -2146893816

This is an Operating system error corresponding "NTE_BAD_ALGID" for CryptSignHash function: http://msdn.microsoft.com/en-us/library/windows/desktop/aa380280(v=vs.85).aspx

Disabling TLSv1.2 on the server should fix the problem. But I think Chrome should prefer SHA1 on Windows XP.

like image 25
ymmt2005 Avatar answered Sep 21 '22 17:09

ymmt2005