Google Chrome Not Honoring Mac Keychain Settings - google-chrome

I have a self-signed certificate that I generated as a .p12 and imported into Mac Keychain. I've set the trust to Always Trust; however, Google Chrome still shows Not Secure and prompts me with Your connection is not private. Safari is trusting the certificate just fine. Does anyone know how to fix this? See image below (It's not incognito, it's just a dark theme)

This worked for me, but I cannot reproduce to confirm.
1) Open Chrome
2) Go to chrome://flags/#allow-insecure-localhost
3) Enable it. Then relaunch.
4) Then disable it again. Then relaunch.
I use this for a local domain which is formatted https://xxx.xxx.com.local i.e. it wasn't just for https://localhost

You should add an X.509 SAN extension to the cert.

Related

Google Chrome localhost | NET::ERR_CERT_AUTHORITY_INVALID

All of a sudden I seem to have an issue with Google Chrome using localhost.
I'm trying to access any of my development sites (using Ampps) and I get the following error:-
Your connection is not private Attackers might be trying to steal your
information from website.dev (for example, passwords, messages
or credit cards). Learn more NET::ERR_CERT_AUTHORITY_INVALID
When I visit any of the dev sites it is redirecting from http://website.dev to https://website.dev automatically. I'm not having any issue in Safari or Firefox so I don't understand what is going on.
I've tried re-installing Google Chrome, resetting it to the factory default settings...
I think it could be an issue with Keychain Access --> Certificates but wouldn't that mean it wouldn't work in Firefox and Safari if that was the case?
I've spent a while trying to find a solution but so far nothing has worked, so I would appreciate some suggestions on how I can fix this. I can't even proceed past this warning as I don't get the proceed link (insecure) as shown below:-
Navigate to
chrome://flags/#allow-insecure-localhost
and set this to enabled.
After playing around, I came up with one kind of a solution.
First, let's talk about the problem: the cause of this error is that both of us used a .dev domain for our local development. If you go here you will find out that the root .dev domain is owned by Google and, applying HSTS in Chrome, they enforce an https-redirect for this domain. Since we use .dev domains, we get redirected to the https version and at the same time we don't have any actual certificates installed. So, we see this annoying error. If you go to chrome://net-internals/#hsts you can check your .dev domain and you will actually find out that
static_sts_domain: dev
static_upgrade_mode: FORCE_HTTPS
static_sts_include_subdomains: true
which confirms that HSTS is enforced on *.dev indeed. The policy type is static and, as I understand, it's kind of hard-coded to https-redirect .dev domains.
So, there are at least 2 ways - get and set up an actual certificate somehow or just use another (not .dev) root domain in httpd-vhosts.conf for your local development (also don't forget to update /etc/hosts and launch apache again). I went another root domain route and it solved this issue.
This is really annoying to deal with, but mapping the local website to something other than .dev (I personally use .devo) does work and fixes the problem in chrome. Also, you can add an exception for the page in Mozilla Firefox and not deal with this at all. It's only a problem on Chrome 63+
Best solution is to not use .dev because it is owned by Google.
Here you can find an updated list of all claimed TLDs : https://www.rfc-editor.org/rfc/rfc6761
To be safe, choose an unclaimed TLD like .test or .localhost. You can read a useful blog post here : https://iyware.com/dont-use-dev-for-development/
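The advice in the answers above (avoid .dev, prefer a reserved TLD such as .test or .localhost) can be checked against a hosts file. This is an added example, not code from any of the answers; the verdict labels and the sample hosts entries are constructed here, and the reserved list is the one from RFC 2606 / RFC 6761.

```shell
# TLDs reserved for testing/local use (RFC 2606, RFC 6761).
SAFE_TLDS="test localhost invalid example"

# audit_hosts <hosts-file>
# Prints "<verdict> <name>" for every name mapped to a loopback address:
#   ok              reserved TLD or single-label name
#   hsts-preloaded  .dev, which Chrome force-upgrades to HTTPS (see above)
#   unreserved      any other TLD; it may be delegated later, as .dev was
audit_hosts() {
  awk -v safe="$SAFE_TLDS" '
    BEGIN { n = split(safe, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
    { sub(/#.*/, "") }                          # drop trailing comments
    $1 == "127.0.0.1" || $1 == "::1" {
      for (i = 2; i <= NF; i++) {
        name = tolower($i); sub(/\.$/, "", name)
        k = split(name, parts, ".")
        tld = parts[k]
        if (k == 1 || (tld in ok)) verdict = "ok"
        else if (tld == "dev")     verdict = "hsts-preloaded"
        else                       verdict = "unreserved"
        print verdict, name
      }
    }' "$1"
}

# Constructed sample input, modelled on the vhost names mentioned above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
127.0.0.1   website.dev      # Ampps vhost
127.0.0.1   shop.test api.devo
10.1.1.1    nas.dev          # not loopback, ignored
EOF
audit_hosts "$sample"
rm -f "$sample"
```

Names reported as unreserved work today but carry the same risk .dev did: once the TLD is delegated and preloaded, the local site breaks in the same way.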
I got the same bug because the CRL file was out of date, and the solution is to update the CRL file.
You need to add the remote site certificate to your local key store.
To download the certificate from the remote site, you will require keytool. Open Git Bash as admin and run the command below to generate the certificate:
openssl s_client -showcerts -connect host:port
Save the output of the above command, from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, to the .crt file.
To add the certificate to your local key store, run the command below:
keytool -import -noprompt -trustcacerts -alias name_of_certificate -file "path_of_dot_crt_file" -keystore "C:\Program Files\Java\jdk1.8.0_192\jre\lib\security\cacerts" -storepass changeit
You can also add the downloaded certificate to your browser.
In my case, in order to solve the issue so that I can "Proceed to unsafe",
I needed to go to:
chrome://net-internals/#sockets
then click: "Close idle sockets", "Flush socket pools"
Afterwards go to:
chrome://net-internals/#dns
Then click "Clear host cache"
If it still doesn't work and you are a mac user, try to repeat above after removing localhost certificates using Apple's Keychain Access tool

Chrome accept self-signed localhost certificate

I did follow all the answers on here and nothing worked for me... nothing at all.
I'm on Windows 10, using Chrome version 54.0.2840.99 m
trying to access my QNAP TS-453a locally on a static IP address (10.1.1.1)
https://10.1.1.1/cgi-bin/
I tried using imported certificates, self-signed, exporting and importing the default one, etc. Nothing works.
Some help would be really, really appreciated.
Valid as of Chrome v58.0.3029:
Visit the site in Chrome.
Open Developer Tools (F12)
Navigate to Security tab
Click "View certificate"
Click Details > Copy to file
Choose a save location on your local machine
Open Chrome settings
Toggle "Show Advanced Settings" (bottom of screen)
Navigate to HTTPS/SSL > Manage certificates
Click "Trusted Root Certification Authorities"
Click Import
Navigate to the cert you just stored
Quit Chrome (Ctrl+Shift+Q) and re-visit your site
NOTE:
Chrome recently (as of 05/15/17) began to require that the cert's subjectAltName parameter be filled. This question received an answer that tells you how to do so.
In general, to troubleshoot this kind of problem, open Developer Tools, go to Security tab, and you will see what Chrome deems wrong with that certificate.
It is likely that it doesn't include a subjectAltName extension, and the solution for adding one is here: https://stackoverflow.com/a/56530824/2873507
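Several answers on this page point to a missing subjectAltName as the reason Chrome rejects a self-signed certificate. The following added example (not from the original answers) generates one certificate with a SAN and one with only a CN, then checks each before it is imported anywhere. It assumes OpenSSL 1.1.1 or later for -addext and -ext; myapp.test is a placeholder hostname.

```shell
# make_cert <dir> <common-name> [san-list]
# Writes <dir>/key.pem and <dir>/cert.pem.
# san-list example: "DNS:myapp.test,IP:127.0.0.1"
make_cert() {
  if [ -n "${3:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -keyout "$1/key.pem" -out "$1/cert.pem" -subj "/CN=$2" \
      -addext "subjectAltName=$3" 2>/dev/null
  else
    # CN only: the legacy layout that Chrome no longer matches names against
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -keyout "$1/key.pem" -out "$1/cert.pem" -subj "/CN=$2" 2>/dev/null
  fi
}

# has_san <cert.pem> <entry>
# Succeeds only if the SAN list contains exactly <entry>, written the way
# OpenSSL prints it: "DNS:name" or "IP Address:addr".
has_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -qxF -- "$2"
}

# report <cert.pem> <hostname>
report() {
  if has_san "$1" "DNS:$2"; then
    echo "ok: SAN covers $2"
  else
    echo "missing: no SAN entry for $2"
  fi
}

demo_dir=$(mktemp -d)
mkdir "$demo_dir/san" "$demo_dir/cn"
make_cert "$demo_dir/san" myapp.test "DNS:myapp.test,IP:127.0.0.1"
make_cert "$demo_dir/cn"  myapp.test
report "$demo_dir/san/cert.pem" myapp.test
report "$demo_dir/cn/cert.pem"  myapp.test
rm -rf "$demo_dir"
```

For a site reached by IP address, as in the QNAP question above, the entry to look for is the IP form, for example `has_san cert.pem "IP Address:10.1.1.1"`.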

ExtensionInstallSources in Chrome extensions for Enterprise policy

We have a Google Chrome extension that needs to be used inside our organization. We have domains there.
Based on enterprise options the easiest approach for us is to host it on some internal web server, and then add the address of that internal site as an ExtensionInstallSources option to users' PCs via Group Policies, but this doesn't work for me.
I've tried both registry and local Group Policy changes by adding Google Chrome adm\admx files.
Here is my registry change:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallSources]
"1"="http://localhost/*"
When I check chrome://policy, it displays that it loaded these settings. But when I open http://localhost/myextension.crx, Chrome still displays an error that the extension can't be installed from there...
I'm using 47.0.2526.106 m (64-bit) under Windows 8.1 Enterprise (x64)
What am I doing wrong here?
I have a more complicated option: download the Chrome source\pdbs and then try to debug it to understand why it's not working, but it may take a lot of time, as Chrome can compile for a couple of hours on Windows on the first build....
So apparently this registry change just wasn't enough. After debugging the Chrome source I found why it doesn't work for me. I missed:
The referer MUST be present and it also should be whitelisted. So if I open the URL for my extension by direct link, then as the referer is missing, it won't install it. (Oh Chrome, at least you could say so with a message about it...). If I have a web page that has a link to that extension, and it's also whitelisted, then it will work fine.
The second missed point was that the extension id MUST be present in ExtensionInstallWhitelist, otherwise Chrome will install it and, after a 2-3 second delay, disable it. But if you have listed it under ExtensionInstallWhitelist, then it will be fine.
So my final registry change for localhost is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallSources]
"1"="http://localhost/*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\ExtensionInstallWhitelist]
"1"="fhojekmcngnmkdbcoegjdlojgfngkpak"
I found it after long debugging in ExtensionManagement class - https://code.google.com/p/chromium/codesearch#chromium/src/chrome/browser/extensions/extension_management.cc&q=ExtensionManagement::IsOffstoreInstallAllowed&sq=package:chromium&type=cs&l=148

How can I use BurpSuite proxy with HTTPS in chrome

BurpSuite can only intercept HTTP traffic. How can I also intercept HTTPS traffic on Ubuntu? I need to install the CA but how?
Obtaining the certificate:
When chrome is configured to use Burp as a proxy, go to http://burp/cert and the DER encoded certificate will be downloaded automatically.
Download the certificate in BurpSuite under the Proxy->Options tab under Import / export CA certificate. Export the certificate in DER format.
Install the certificate:
Either by double clicking on it in your file browser (Nautilus in my case) or by importing it into Chrome.
Another way of installing it is by importing directly into Chrome.
Go to settings->Show advanced settings... (at the bottom)->HTTPS/SSL:Manage certificates->Authorities(tab)->Import
In the file selector you must set the file filter to 'DER-encoded binary..' or 'all files' to make your certificate file visible. The default file selector setting is base-64 encoded ASCII and our file is DER encoded.
Now, for the step I was missing in other explanations, in the chrome certificate manager in the tab Authorities (where you just imported the certificate), find the newly imported certificate. In my case it looked like this:
Notice the "Untrusted"; in my case this meant that I still got the SSL warnings and the red padlock. Click on "untrusted PortSwigger CA" and click Edit...
Check "Trust this certificate for identifying websites." and click "OK". In my case the text "untrusted" didn't disappear directly but after restarting Chrome, the PortSwigger CA was trusted and SSL proxying works.
If this is a duplicate please tell me, but I haven't found a similar explanation.
For Mac: Configuring BurpSuite Proxy with HTTPS and fixing the your connection is not private message
1. Configure Chrome to use Burp as a Proxy
You can view detailed instructions of this step here
https://support.portswigger.net/customer/portal/articles/1783070-configuring-safari-to-work-with-burp
Make sure you hit OK and Apply
2. Download and Install the Burp Certificate
http://burp/cert
You need to have the proxy enabled to do this. Once it's downloaded, double click on it to install it. Save to login keychain.
3. Modify certificate permissions
Open Keychain Access and search for "portswigger" to find the certificate. Right click and hit "Get Info".
Select "Always Trust".
The red Your connection is not private message should be gone now.
In Kali Linux with the Chromium browser this worked for me:
Start BurpSuite
Open Chrome (Chromium web browser) and type in the URL "127.0.0.1:8080"
Click on "CA Certificate" to download the certificate of Burp Suite.
Save the file; "Cacert.der" is the certificate.
Note: when I tried to import it directly into Chromium with the "der" extension, the web browser did not recognize the file, so the solution was the following:
Open Firefox and click on Settings or Preferences.
Search for "certificates".
View certificates.
Click on the Import button and select the cert.der previously downloaded.
Then export (Firefox automatically exports the file with another extension, "PortSwiggerCA.crt").
Now we can import the certificate into the Chromium web browser (the file "PortSwiggerCA.crt"). The import steps are the same as for Firefox:
Settings -> Search "certificates" -> view certificates -> authorities -> import

Localhost not working in Chrome, 127.0.0.1 does work

I'm trying to run a local node server, but for whatever reason localhost:3000 does not work. The error page states This webpage is not available ERR_CONNECTION_CLOSED However, 127.0.0.1:3000 does work. I have tried making changes to my hosts file, but to no avail. Does anyone have any idea what's causing the problem?
Chrome version is 46.0.2490.80 m
Here are the steps I took to make this work correctly:
Edited my hosts file so 127.0.0.1 localhost. was present, and saved the file
Cleared my Chrome cache, specifically cookies and cached files
Cleared host cache in chrome://net-internals/#dns
Restarted chrome
Alternatively, this also works:
Navigate to chrome://net-internals/#hsts
Under "Delete domain", type localhost and delete
Unbeknownst to me, my project had an HSTS middleware that set an HSTS cookie
For me (I had HTTP and HTTPs dev server on same port)
Chrome Dev tools F12
Application tab
Clear storage sub-tab
"Clear site data" button
I ran into a similar issue on my MacBook but none of the existing answers worked. I even tried the nuclear option and did a factory reset on my computer.
The issue turned out to be coming from the AirPlay receiver listening on Ports 5000 and 7000, which was creating the 403 error when I tried to serve something at localhost:5000.
The solution, as detailed here, was to uncheck AirPlay Receiver in System Preferences > Sharing
I solved my problem by:
opening the developer console F12
Going to network tab
Check Disable Cache
Browse localhost
What you can do is go to Chrome Settings > Privacy and Settings > See all the cookies and site data, search for localhost and delete it. Then refresh your site and it will be working.
Regards
If you're using a proxy, there's a checkbox to bypass it for local addresses.
Follow these steps:
Open Chrome
Go to Settings
Privacy and security
Clear browsing data
Check cookies and other site data
Click Clear data.
I had same issue and I cleared cookies and cache and it worked
Go to Setting/clearBrowserData and just check all of history, cookies and cached files.
For me, Browse in Private (Ctrl + Shift + N) was enough.
Finally I have solved this problem.
For those who have tried clearing the cache from the browser and are still facing the same issue, follow these steps:
Search for Live Server (Ctrl+Shift+X); you will find a settings icon. Click on Extension Settings.
You can find Live server>Settings:Chrome Debugging Attachment; click on Edit in settings.json.
Just add this (if there are multiple lines make sure to add a comma [,])
"liveServer.settings.port": 0
Doing this, it will randomly pick an open port each time.