I'm using Chrome 50.0.2661.87.
I develop locally and want to use self signed certificates (created with MAMP PRO 3.2.0).
I do the following steps:
Go to the site (which points via hosts file to 127.0.0.1): E.g. https://www.my-local-dev-page.com
Get an error: NET::ERR_CERT_COMMON_NAME_INVALID
I click continue
I click on the red lock in the top left corner; inside the certificate popup I choose "export to file"
I choose "DER-codiert-binär X.509 (.CER)"
I click next and close Chrome
I import this CER file both via the Windows user certificates and also in the Chrome settings, in the SSL path of the root authorities
I open up chrome and the error comes again
If I click again "continue", it seems that somehow it is working, but after a few requests, it is falling back and the error comes again.
What I would expect is that ALL requests in the future work without a problem and that a green lock is shown on the top left.
What am I missing?
Thanks!
I got it.
The problem was that the certificate was created with a wrong CN.
Now everything works as expected!
Related
My local Vagrant box is no longer reachable by Chrome, with the error:
"You cannot visit mysite.local right now because its certificate has been revoked."
I have no particular interest in hardening that box, as all developed code goes via git to bare metal that has little in common with the vagrant. How can I tell Chrome to skip that check (ideally on all local and dev subdomains)?
When you see the message "Your connection is not private", click somewhere on the page and then type the following:
thisisunsafe
This will bypass the warning.
I am evaluating W3C pay Google examples by enabling the Chrome Extension from Google's example here: https://bobpay.xyz/ (Clicking "Install web payment app" on the bottom). This installs the W3C Pay Chrome extension.
I then use their demo here:
https://paymentrequest.show/demo/
I am able to submit a payment using the "Bobpay" extension, see below:
... however when it comes time to redirect to the Bob pay "Account Selector" web application (the front end of the Payment Handler), I get the following error in Chrome's Developer tools:
"Aborting payment handler window "https://bobpay.xyz/pay" because of navigation to an insecure url "chrome-extension://noojglkidnpfjbincgijbaiedldjfbhh/data/shared/tpc-check.html"
It's complaining that the redirection to the chrome-extension URL scheme is insecure.
I already took both Certs from bobpay.xyz and paymentrequest.show sites, and installed them to my System keychain. Then I trusted both SSL certs. This didn't help.
BTW, this works on Windows, but not on MacOS (Chrome on both).
Also: submitting a sample credit card payment outside of the Bobpay extension works fine (by using a locally stored Credit card option, and not the Bobpay extension) - returns tokenized card to be forwarded to payment processor.
This demo code also does not work on any other browsers, such as Firefox or Safari (unsupported on both).
In the Security panel of Chrome Developer tools, we can also see that the Chrome Extension for Bobpay is marked as "Unsecure":
I also installed the whole thing on Localhost, created a self signed SSL cert, added it to keychain, trusted it, and ran an https-server with that cert, but I get the same issue on https://localhost:8080/bobpay as well.
After verifying that the demo worked on another MacOS machine, I figured I introduced an issue trying to clone bobpay and deploy it on localhost under another name. The two payment handlers were somehow trampling over each other, when redirecting to the Frontend Handler page.
I ended up removing all Chrome files in ~/Library/Application Support/Google/Chrome, clearing all Chrome settings (reset to default), and re-installing Chrome. This cleaned out all extensions, cached data, and service workers under Dev Console --> Application. I am now able to proceed without errors.
I did follow all the answers here and nothing worked for me... nothing at all.
I'm on Windows 10, using Chrome version 54.0.2840.99 m,
trying to access my QNAP TS-453a locally on a static IP address (10.1.1.1):
https://10.1.1.1/cgi-bin/
I tried using imported certificates, self-signed ones, exporting and importing the default one, etc. Nothing works.
Some help would be really really appreciated
Valid as of Chrome v58.0.3029:
Visit the site in Chrome.
Open Developer Tools (F12)
Navigate to Security tab
Click "View certificate"
Click Details > Copy to file
Choose a save location on your local machine
Open Chrome settings
Toggle "Show Advanced Settings" (bottom of screen)
Navigate to HTTPS/SSL > Manage certificates
Click "Trusted Root Certification Authorities"
Click Import
Navigate to the cert you just stored
Quit Chrome (Ctrl+Shift+Q) and re-visit your site
NOTE:
Chrome recently (as of 05/15/17) began to require that the cert's subjectAltName parameter be filled. This question received an answer that tells you how to do so.
In general, to troubleshoot this kind of problem, open Developer Tools, go to Security tab, and you will see what Chrome deems wrong with that certificate.
It is likely that it doesn't include a subjectAltName extension, and the solution for adding one is here: https://stackoverflow.com/a/56530824/2873507
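The subjectAltName requirement mentioned in the answers above can be checked before a certificate is imported. The following is an added example, not part of any of the posts: it creates one self-signed certificate with only a CN and one with a subjectAltName, then tests whether each lists the host name or IP address from the questions. The function and file names are constructed, and OpenSSL 1.1.1 or newer is assumed.

```shell
#!/bin/sh
# Added example. Host names and the IP are the ones quoted in the posts above;
# file names are constructed. Assumes OpenSSL 1.1.1 or newer (-addext, -ext).
set -eu

# make_cert PREFIX CN [SAN]: write PREFIX.key and a self-signed PREFIX.crt.
make_cert() {
  if [ -n "${3:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -keyout "$1.key" -out "$1.crt" -subj "/CN=$2" \
      -addext "subjectAltName=$3" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -keyout "$1.key" -out "$1.crt" -subj "/CN=$2" 2>/dev/null
  fi
}

# san_covers CERT HOST: succeed only if HOST is listed verbatim in the
# subjectAltName extension (DNS entry for names, IP entry for IPv4 literals).
# The CN is deliberately ignored, and wildcard entries are not expanded.
san_covers() {
  case $2 in
    *[!0-9.]*) entry="DNS:$2" ;;
    *)         entry="IP Address:$2" ;;
  esac
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' | grep -Fxq "$entry"
}

tmp=$(mktemp -d)
make_cert "$tmp/cn_only" www.my-local-dev-page.com
make_cert "$tmp/with_san" www.my-local-dev-page.com \
  "DNS:www.my-local-dev-page.com,IP:10.1.1.1"

for cert in cn_only with_san; do
  for host in www.my-local-dev-page.com 10.1.1.1; do
    if san_covers "$tmp/$cert.crt" "$host"; then
      echo "$cert.crt covers $host"
    else
      echo "$cert.crt does NOT cover $host"
    fi
  done
done
```

A site reached by IP address, such as the NAS at 10.1.1.1, needs an IP entry in the subjectAltName; a DNS entry containing the same digits does not count.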
BurpSuite can only intercept HTTP traffic. How can I also intercept HTTPS traffic on Ubuntu? I need to install the CA but how?
Obtaining the certificate:
When chrome is configured to use Burp as a proxy, go to http://burp/cert and the DER encoded certificate will be downloaded automatically.
Download the certificate in BurpSuite under the Proxy->Options tab under Import / export CA certificate. Export the certificate in DER format.
Install the certificate:
Either by double clicking on it in your file browser (Nautilus in my case) or by importing it into Chrome.
Another way of installing it is by importing directly into Chrome.
Go to settings->Show advanced settings... (at the bottom)->HTTPS/SSL:Manage certificates->Authorities(tab)->Import
In the file selector you must set the file filter to 'DER-encoded binary..' or 'all files' to make your certificate file visible. The default file selector setting is base-64 encoded ASCII and our file is DER encoded.
Now, for the step I was missing in other explanations, in the chrome certificate manager in the tab Authorities (where you just imported the certificate), find the newly imported certificate. In my case it looked like this:
Notice the "Untrusted"; in my case this meant that I still got the SSL warnings and the red padlock. Click on "untrusted PortSwigger CA" and click Edit...
Check "Trust this certificate for identifying websites." and click "OK". In my case the text "untrusted" didn't disappear directly but after restarting Chrome, the PortSwigger CA was trusted and SSL proxying works.
If this is a duplicate please tell me, but I haven't found a similar explanation.
For Mac: Configuring BurpSuite Proxy with HTTPS and fixing the "Your connection is not private" message
1. Configure Chrome to use Burp as a Proxy
You can view detailed instructions of this step here
https://support.portswigger.net/customer/portal/articles/1783070-configuring-safari-to-work-with-burp
Make sure you hit OK and Apply
2. Download and Install the Burp Certificate
http://burp/cert
You need to have the proxy enabled to do this. Once it's downloaded, double click on it to install it. Save to login keychain.
3. Modify certificate permissions
Open Keychain Access and search for "portswigger" to find the certificate. Right click and hit "Get Info".
Select "Always Trust".
The red "Your connection is not private" message should be gone now.
In Kali Linux with the Chromium browser this worked for me:
Start BurpSuite
Open Chrome (Chromium web browser) and type in the URL "127.0.0.1:8080"
Click on "CA Certificate" to download the certificate of Burp Suite.
Save the file; "Cacert.der" is the certificate.
Note: when I tried to import it directly into Chromium with the "der" extension, the web browser did not recognize the file. So the solution was the following:
Open Firefox and click on Settings or Preferences.
Search for "certificates".
View Certificates.
Click on the Import button and search for the cert.der previously downloaded.
Then export (Firefox automatically exports the file with another extension, "PortSwiggerCA.crt").
Now we can import the certificate into the Chromium web browser (the file "PortSwiggerCA.crt"). The import steps are the same as for Firefox:
Settings -> Search "certificates" -> view certificates -> authorities -> import
A strange problem is happening to me for the third time this month; when I restart my PC it is solved:
Google Chrome throws -Invalid Server Certificate- for any secured website like Facebook or Live or even for Gmail.
I'm using the latest version of Chrome.
Does anyone have the same problem?
I've found a solution: it's a bug in Chrome that happens after the system hibernates. I solve it without a restart by killing the Chrome process ('End Process Tree' for chrome.exe).
I'm using Windows 7 Home premium, Chrome v18.
It's in the news: Google Chrome hit by SSL bug.
http://www.slashgear.com/google-chrome-hit-by-ssl-bug-restricting-google-services-06221921/
We need to wait for security update.
Update:
After checking this bug report, I finally solved it:
You need to follow 2 steps only:
Delete all cache from Chrome.
Close Chrome by pressing Ctrl+W.
Looks like Chrome did have a bug at one point -
Close the site with cert issue.
Click on the 3 dots at the top right to get to settings --> About --> update Chrome. It will ask you to relaunch for the update to take effect. Accept.
Browse to the site again. If you still have an issue, verify your certificate using the free SSL checker tools from sslshopper or Digicert to make sure your cert is properly installed.