Stopping chrome from picking up SSL certificates from the keychain in Mac - google-chrome

I am trying to access a website that allows SSL logon. I want to log in to the site using different username and credentials. The problem is that chrome always picks up the certificate by default. Is there any way to stop this.

The recommendation would be to use the 'Incognito tab' instead of the usual tab that will not save your SSL certificate.

Related

Can't connect to Github's website in Chrome but it works when I use Firefox

https://i.imgur.com/qKyu744.jpg
This started happening just a few days ago. I can access the site on the same computer in Firefox. Not sure why it is telling me that the site is insecure, but that must be related. I tried ipconfig /flushdns, deleting my cookies, and disabling my firewall but none of those fixed it. Can't find any solutions online either so far. Using the latest Chrome update and Windows 10. Please help!
Edit: Solved my issue by installing this Windows update:
https://support.microsoft.com/en-us/help/4284835
It is possible that you might have deleted trusted certificates from chrome trust store (github CA SSL certificate is issued by DigiCert High Assurance EV Root CA ), where as in for other browsers the trust store must be a different location in your case.
To check above listed certificate present in Chrome trusted store or not, do the following
Open Chrome then Go to Settings => Manage Certificates - Click on it, when Certificates pop-up shows then check at' Trusted Root Certificates Authorities, if desired certificate is not present then import it.
For what it's worth, this is what worked for me:
Open up the start menu and search for and open "Internet Options".
Go to the "Connections" tab.
Click on "LAN settings".
Untick all the checkboxes (there are 3).
Click OK twice and then access https://github.com/ via Google Chrome.
The reason why it works on Firefox is because it has its own proxy settings. Google Chrome takes the proxy settings of the computer.
If you enter the website URL with www, it will work in chrome.
To avoid this you need to add another CNAME without www.
I am using MacOS and I had similar issue of accessing GitLab with Chrome, but no issue with Safari.
What helps me finally is: Setting -> Privacy and Security, and turn off "Use Secure DNS".
If CORS extension has been downloaded and enabled in the Chrome browser then disable the CORS(Allow-control-Allow-origin) extension. It will work..!

How to avoid the "Your connection is not private" screen when developing an HTTP2 site locally?

When I'm developing using Node's http2 library (which only supports HTTPS, not HTTP), when I open localhost in Chrome, I get a warning screen:
Your connection is not private
Attackers might be trying to steal your information from localhost (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
You have to click "Advanced" then "Proceed to localhost (unsafe)". It gets annoying having to do this during development.
I generated a cert and key for localhost use according to the instructions for Node's http2 module. Is there any way to generate them in such a way that Chrome would actually accept them for localhost? Or is there another easy way to get rid of this warning?
(I'm aware of the option of launching Chrome with --ignore-certificate-errors but I'd prefer not to do this for all websites.)
Try the following:
In Chrome, put in chrome://flags/#allow-insecure-localhost in the address bar.
Enable the option that says "Allow invalid certificates for resources loaded from localhost".
Restart Chrome, and it should allow the site.
You can also type thisisunsafe once you put focus on the website
There are two options you can use to get rid of this annoying thing, which are:
Temporarily Disable SSL Warning
You can go to Google Chrome, input chrome://flags in the address bar and press the Enter key to access advanced settings.
In the next step, find the "Allow invalid certificates for resources loaded from localhost" option and enable it. This method is the same as using --ignore-certificate-errors attribute on your Google Chrome shortcut. It disables the SSL warning for all sites.
It's just a temporary solution and I wouldn't suggest to use this frequently.
(I'm aware of the option of launching Chrome with
--ignore-certificate-errors but I'd prefer not to do this for all websites.)
Install SSL On Your Localhost with OpenSSL
You can install SSL on your localhost with OpenSSL. By using this method, your localhost can run HTTPS without any issue at all. The tutorial is quite long with detailed instructions, you can read it at here.
Source: Fix Your Connection Is Not Private Error In Your Browser - ByteBiteBit.com
I tried too many techniques but nothing works at last i find it while i was learning Webapi.
i was unable to visit to any side beacuse of showing the Error "Your Connection is not Private"......
THE REASON IS You have to enable SSL on your Browser and how you can do it let me share the link..
Just follow the steps
https://www.youtube.com/watch?v=4hb6iD3nP6g&list=PL6n9fhu94yhW7yoUOGNOfHurUE6bpOO2b&index=16
chrome://flags/#allow-insecure-localhost in the address bar.
set it to Enabled
relaunch chrome
result

How to get Windows 10 Chrome to accept the self signed certificate generated by CUPS admin on Linux

I have a ClearOs Linux server which, amongst other things, runs a CUPS print server. Installing CUPS makes an admin interface available via https protocol.
Every time I connect to this admin server, Chrome (and IE) warns me the certificate is invalid, and I have to click twice more to go through to the site.
I would like to tell Chrome to trust this certificate. I have Googled how to do this, and tried 3 or 4 different recipes - none of them seem to have worked (the certificate is still not trusted). I have tried the following:
Connect to the site via IE running as Administrator, click on the invalid certificate flash next to the url, view certificate, install certificate, choose Trusted Root Certificate store, and install it. I also tried the Personal store and the Trusted publishers store.
Connect to the site via Chrome, click on the certificate and export it, do Settings/Advanced/Manage certificates, and import it into the store (again, I tried Trusted Root and Personal stores).
I also tried some other instructions which said to start by running "MMC" from the Windows Start button - but typing MMC only offers me Hyper-V manager and Sql Server 2017 Configuration Manager - not the management console expected.
I have read Getting Chrome to accept self-signed localhost certificate here, and tried everything there that applies to Windows 10, but nothing works.
Enter “chrome://flags/#allow-insecure-localhost” in your chrome browser and “Allow invalid certificates for resources loaded from localhost.” to bypass the security warning about your self signed certificate.

How to fix Chrome's Refused to set unsafe header "Connection"

I'm using Advanced REST Client to test external API which requires me to specify
Connection: Keep-Alive. The connection fails (NO RESPONSE) and inspecting Chrome console I noticed Refused to set unsafe header "Connection" followed by net::ERR_INSECURE_RESPONSE
Is there any Chrome settings that allow me to override this? BTW, the API works when I use external tools like APIGee. I've tried Chrome CORS extension (Allow Control Allow Origin) but still unsuccessful.
The issue is that chrome is refusing to load a resource that has an invalid or expired SSL certificate. Even if you could get it to bypass that it would be a bad idea as it would make man in the middle attacks easier in your application.
My suggestion would be (if you trust the server or if it's running locally) to import that certificate to your store so it's trusted in your development environment. If the cert is expired and it's hosted locally look at the documentation on how to change the certificate or to add a self signed one (which you then also would add to your trusted sites)
How to add a self signed very to your store
For Mac
For windows
You'll have to restart chrome for it to see the certs in the store after doing this
Again, be sure you trust these certs origin as they'll be considered trusted as if a legit CA HAD issued them

How to deal with self-signed certificate in the Chrome Apps?

I'm developing a Chrome App, which connects to the server over SSL. Of course, the certificate is self-signed.
In the Chrome browser, it's not a problem because Chrome opens a security warning page. If user chooses to continue to the website, it goes on to the remote page. However, in the Chrome Apps, it doesn't give such a warning page asking user whether to go on or not. Instead, a connection error is thrown out in the console.
To workaround this problem, the user has to connect to the page in the browser once and accepts the certificate, and then he/she could proceed in the Chrome Apps.
I'm wondering how to deal with this issue in the Chrome Apps directly?
If server uses self signed certificate then there's nothing you can do.
There are two other ways though, which requires server side certificate changes
and depending on those changes user may or may not have to do some settings in browser
Update the server with a Trusted CA issued certificate.
This does not require user to do any setting.
Examples for trusted CAs are GoDaddy, VeriSign etc,.
You can check the list of Trusted CAs in chrome://settings -> HTTPS/SSL -> Manage certificates -> Trusted Root Certificate Authorities
Update the server with a any other CA issued certificate.
Then provide a way for user to download the certificate and then user has to install/import it in his/her system/PC
Once certificates is installed or imported, you can check chrome://settings -> HTTPS/SSL -> Manage certificates -> Trusted Root Certificate Authorities to confirm that its installed into "Trusted Root certificates" folder. Only if certificate is imported into this folder there will be no errors in console for SSL connections.
Of course if you do not want do all this then there is a workaround as you mentioned to tell user to connect to the page in the browser once and accepts the certificate, and then he/she could proceed in the Chrome Apps
http://www.startssl.com/?app=1 provides free SSL certificates. Try having your customers get one of those instead of training your users to accept insecure connections. Or put the insecure connection over http:, which declares the intention to be insecure.