Weak Signature Algorithm Error Explained

A weak signature algorithm error occurs when a certificate uses a cryptographically broken hash algorithm — most commonly SHA-1 or MD5 — in its signature. Modern browsers and TLS clients reject certificates signed with these algorithms because they're vulnerable to collision attacks, where an attacker could forge certificates.

The SHA-1 Deprecation Timeline

• 2014: NIST recommended SHA-1 deprecation. CAs started phasing out new SHA-1 issuance.
• 2016: Chrome and Firefox started showing warnings for SHA-1-signed certificates.
• 2017: Chrome and Firefox blocked SHA-1-signed certificates entirely. All major browsers followed.
• 2017: Google's CWI SHA-1 collision attack published — SHA-1 shown to be practically breakable with sufficient compute.

MD5 Was Broken Even Earlier

MD5 collisions were demonstrated in 2005 and a rogue CA certificate was forged using MD5 in 2008 (the MD5 Collision Attack on Certificates). CAs stopped issuing MD5-signed certificates around 2009–2010.

How to Identify Weak Algorithms in the Decoder

Paste the certificate into the decoder. The Public Key section shows the Signature Algorithm. The decoder highlights sha1WithRSAEncryption or md5WithRSAEncryption in red with a warning label.

How to Fix It

You must replace the certificate entirely — you cannot change the signature algorithm of an existing certificate. Request a new certificate from your CA and ensure they issue it with sha256WithRSAEncryption or ecdsa-with-SHA256. All CAs stopped issuing SHA-1 certificates years ago, so a new certificate from any public CA will use SHA-256 or stronger.

SHA-2 Family (SHA-256, SHA-384, SHA-512)

The current standard signature algorithms for TLS certificates are all from the SHA-2 family: sha256WithRSAEncryption, ecdsa-with-SHA256, ecdsa-with-SHA384. SHA-3 exists but is not yet widely used in TLS certificates.