KB Article | Forcepoint Support

Notes & Warnings

Note All versions of Forcepoint Content Gateway software since 8.2 have been designed to use SHA-2 (256) certificates by default. 

Important If using a Subordinate CA Certificate, and the internal organization root certificate used in the deployment is SHA-1, the issue will persist until the business root CA is updated regardless of Forcepoint Content Gateway version in place. Please consult with the certificate signer used by your organization. 

Problem Description

When upgrading Google Chrome to version 57 or higher, you might receive multiple certificate warnings on websites that use HTTP Strict Transport Security (HSTS).

Resolution

On November 16, 2016, Google announced that SHA-1 support in Chrome 57 has been removed.

After upgrading to Chrome 57 or the most current version of Chrome, certificate warnings might display in the browser for websites that use HSTS.

User-added image


To resolve this issue:
  1. Web Content Gateway (WCG) will need to be configured to use dynamic SHA-2 certificates.
  2. Regenerate the WCG root certificate and then deploy to all users.






Keywords: certificate error; ERR_CERT_WEAK_SIGNATURE_ALGORITHM; certificate warning; content gateway; WCG

Article Feedback



Thank you for the feedback and comments.