Solved: Cisco GUI suddently not accessible via Chrome?

bill.king1 · ‎10-02-2023

Hi, just curious if anyone else has run into this. Suddenly some Cisco devices are not accessible via Chrome (version 117 if that matters). These were accessible last week and the same sites/servers are not. They are fine in Firefox and Edge.

Error message is below. The certificate for the servers in question are expired, but they've been expired for months. Just wondering if something changed within Chrome? I've tried clearing cache and cookies with no luck.

This site can’t provide a secure connection
Website name sent an invalid response.
Try running Windows Network Diagnostics.
ERR_SSL_PROTOCOL_ERROR

Muhammed Ashiq · ‎11-05-2023

could you please try as below,

go to chrome://flags/#use-sha1-server-handshakes and enable 'Allow SHA-1 server signatures in TLS' parameter.

Hope this will work.

View solution in original post

david.macias · ‎10-02-2023

I believe that Chrome internally "times out" when you accept an invalid cert and you have to reaccept it. Typing "this is unsafe" will allow you to then add the cert to your trust, again temporarily.

david

Blog

bill.king1 · ‎10-03-2023

Thank you, but no luck. I searched and it seems like if you typed (in older versions) "badidea" it would work, or in newer versions "thisisunsafe" (no spaces), but it doesn't do anything when I tried it just now. Some of the other settings recommended online like go to chrome://flags/#enable-quic and disable it didn't do it either. Thankfully Edge and Firefox still work but frustrating.

EDIT: I found a machine that had Chrome 116, and no issue. When it upgraded to 117, same error. So seems to be something about 117 that has changed, in case it helps anyone else out.

david.macias · ‎10-03-2023

Any chance you can test this on non-Cisco UI? I'm curious if this is a Chrome thing or a Chrome and Cisco thing.

david

Blog

bill.king1 · ‎10-03-2023

Hi, I thought the same thing, do you know of a site that has (for instance), an expired certificate visible from the internet and I can try and hit it with Chrome vs. say Edge?

david.macias · ‎10-03-2023

I was looking for something like this and found this, let me know. https://badssl.com/

david

Blog

piyush aghera · ‎10-05-2023

Following..

KJK99 · ‎10-05-2023

I had a problem accessing the WebIU of my CISCO switch using Chrome recently, but the symptoms were different. It wasn't a SSL issue for sure. To fix that problem, I ended up completely removing Chrome and installing it again from scratch. That could've been a problem in Chrome itself or its add-ons. I can't tell.

Kris K

bill.king1 · ‎10-05-2023

I tried Chrome from another desktop from same organization and same result. Version 116 worked, but when it was upgraded to version 117, no dice.

Muhammed Ashiq · ‎11-05-2023

could you please try as below,

go to chrome://flags/#use-sha1-server-handshakes and enable 'Allow SHA-1 server signatures in TLS' parameter.

Hope this will work.

bill.king1 · ‎11-06-2023

Thank you @Muhammed Ashiq , this did the trick. Did you find this anywhere, like in defect?

Muhammed Ashiq · ‎11-06-2023

We had faced similar for CUIC and other custom webservers. This was a workaround suggested by System Team. More over if you upgrade the edge to Version 119, you will get the same error.

For CUIC (v11.6) we regenerated all the Certificates through cmplatform and restarted the whole server.

I didn't get the clear root cause but after chrome upgrade it is not taking SHA-1 certificates.

Thanks,

Ashiq Mattil