net ERR INSECURE RESPONSE in Chrome

Question

I am getting an error net  ERR INSECURE RESPONSE in the Chrome console when fetching some data from my API  This error usually occurs as a result of an unsigned certificate  however  it is not an issue with this because I have a valid and signed certificate    The error doesn t happen often at all and it goes away if I restart my Chrome browser  It also doesn t occur in any other browser at all  tested on Safari  Mozilla  Opera   Any idea why this is happening  Is this just a browser bug

User · Answer

I had a similar issue recently  I was trying to access an https REST endpoint which had a self signed certificate  I was getting net  ERR INSECURE RESPONSE in the Google Chrome console  Did a bit of searching on the web to find this solution that worked for me    Open a new tab in the same window that you are trying to make the API call  Navigate to the https URL that you are trying to access programmatically  You should see a screen similar this   Click on Advanced   proceed to  lt url gt  and you should see the response  if there is one  Now try making the API call through your script

User · Answer

Maybe you have run into this problem  net  ERR INSECURE RESPONSE  You need to check the encryption algorithms supported by your server  For example for apache you can configure the cipher suite this way  cipher suite   Which version of chrome are you running and what is the server serving your APIs

User · Answer

For me the answer to this was available here on StackOverflow   ERR INSECURE RESPONSE caused by change to Fiddler s root certificate generation using CertEnroll for Windows 7 and later     Unfortunately  this change can cause problems for users who have   previously trusted the Fiddler root certificate  the browser may show   an error message like NET  ERR CERT AUTHORITY INVALID or The   certificate was not issued by a trusted certificate authority     Quote from  the original source   I had this ERR CERT AUTHORITY INVALID error on the browser and ERR INSECURE RESPONSE shown in Developer Tools of Chrome

User · Answer

This happens when you update from Chrome 55 to Chrome 56  56 0 2924 87   This is an increase in security enforcement   It doesn t go away by restarting the browser  and it s not a bug       Mountain View says it s hoping you don t ever encounter the message    because Certificate Authorities are required to stop issuing SHA-1   certificates in 2016  Just in case  Google plans to continue issuing   warnings until Chrome completely stops supporting SHA-1 on January   1st  2017  When that day comes  a website that still uses the function   will trigger a fatal network error     Source  Engadget com    If this happens  the most-likely cause is that your  or the website s  SSL-certificate uses SHA1   SHA1 is broken  and SSL certificates using SHA1 are not secure anymore  it s now been a long time that Chrome showed this to you - now it blocks NET  ERR CERT WEAK SIGNATURE ALGORITHM     Another likely cause is that your SSL-certificate expired Also  you should disable backwards-compatiblity with SSL2  amp  SSL3  Poodle Attack    You should only be using TLS  SSL 3 1      To test your domain s SSL-certificate  you can use SSL labs SSL test   To find out what exactly the issue is  Open the chrome developer console  CTRL   SHIFT   J OR F12  And change to the security tab         For more information   https   support google com chrome answer 95617 visit id 1-636221396724527190-3454695657 amp p ui security indicator amp rd 1  FYI      SHA-1 has been growing weaker and more insecure everyday for a decade   now  which is dangerous considering we tend to trust websites with    https     in their URLs  Other browsers like Mozilla Firefox and   Microsoft Edge also plan to stop supporting it in an effort to   encourage website owners to switch to more secure SHA-2 certificates   as soon as possible    If you urgently need to get around it  you need to close all running instances of Chrome first - otherwise it won t work    chrome --args --ignore-certificate-errors   Please note  don t go online-banking or gmail ing with those command-line settings active in your Chrome instance

User · Answer

I was having this issue when testing my Cordova app on android  It just so happens that this android device does not persist its date  and will reset back to its factory date somehow  The API that it calls has a cert that is valid starting this year  while the device date after bootup is in 2017  For now  I have to adb shell and change the date manually

User · Answer

A missing intermediate certificate might be the problem   You may want to check your https   hostname with curl  openssl or a website like https   www digicert com help    No idea why Chrome  possibly  sometimes has problems validating these certs

User · Answer

I was getting this error on amazon ca  meetup com  and the Symantec homepage   I went to the update page in the Chrome browser  it was at 53    and checked for an upgrade  and it showed there was no updates available  After asking around my office  it turns out the latest version was 55 but I was stuck on 53 for some reason   After upgrading  had to manually download from the Chrome website  the issues were gone

User · Answer

Don t know if this question is relevant anymore  but this happened to me on a client wich had an incorrect datetime set on Windows  This will be an alternative to watch  If is this case  it will reproduce on other browsers as well  at least  on firefox and chrome    I fixed it updating datetime on Windows to actual s real datetime  Hope it helps somebody

[google-chrome] net::ERR_INSECURE_RESPONSE in Chrome

Examples related to google-chrome