ChatGPT解决这个技术问题 Extra ChatGPT

No “Proceed Anyway” option on NET::ERR_CERT_INVALID in Chrome on MacOS

I try to get my local development in Chrome back running, but Chrome prevents that, with the message that the certificate is invalid. Even though it could not be the date of the certificate, as you can see in the screenshot of it:

https://i.stack.imgur.com/EDHew.png

I just wonder why there is no advanced > option to proceed anyway to see the website and being able to locally develop the app.

A few more things to mention:

The local development runs on https://local.app.somecompany.com:4200/. It can't be just localhost, because otherwise our authentication http-only cookies won't work in Chrome.

Therefore the host file under etc/hosts was adjusted to point to the localhost IP adress (127.0.0.1).

The certificate was generated with openssl according to this tutorial and this repo

The certificate works for a colleague with the exact same Chrome version but with a MacOS version 10.14.6 (mine right now is MacOS 10.15.1)

The chrome flag(chrome://flags/#allow-insecure-localhost) does not change anything

Also works in firefox on my laptop.

Can't find anything online that helped me to solve this so far, so I would be extremly thankful, if anyone has some more ideas what I could try!?

Specs:

OS: MacOS 10.15.1

Chrome: 78.0.3904.97

Since July 2020 the problem also occurs on Windows in Chromium-based browsers and Firefox.

a
arun kumar

FYI: Chrome on MacOS treats this different than Windows. MacOS version won't see the proceed button even you click advanced button.

To still proceed the visit as you are sure this page is safe, here is a easy way to do:

There's a secret passphrase built into the error page. Just make sure the page is selected (click anywhere on the screen), and just type thisisunsafe.

Ref: https://twitter.com/zairwolf/status/1196878125734486021


Thanks! it was useful. Do you know any way to make custom certificates as trusted for browser? adding to to keychain doesn't help.
Amazing! I guess Chrome team feels only users who know stackoverflow / twitter should be trusted to allowed to proceed
This is just insane.
Does not work on chrome Version 91.0.4472.77 (Official Build) (x86_64) on macOS ;(
thisisinsane.
T
Tom Stein

There is a hidden way to bypass that error, even if no button allows it. Of course, this should be used for your own sites only – where you are perfectly sure that site is not hacked, but simply local and therefore without a valid internet certificate.

Simply click anywhere on the denial page and type “thisisunsafe”.

Sounds crazy, but works to bypass chrome’s supervision of your safety. Chrome should get kicked for not accepting the certificate of devices in my local network. This is not IoT, this is "Ny Net"!


This is the most useful thing on the internet! Thanks!
Genius! I cannot believe that works but I'm very happy it does.
OMG! It is really helped me!
haha so nice, thx!, how did you find out,though ^^? You did code that part right ? :D
N
Nikesh

This solution worked for me.

Right click, select inspect element

click on console tab

Copy paste sendCommand(SecurityInterstitialCommandId.CMD_PROCEED) press Enter

Boom! it should load the page :)


not working on my Chrome Version 89.0.4389.128 (Official Build) (x86_64) :(
That really works for me - chrome version 92.0.4515.159. Thank you!
did not work for me in chrome Version 101.0.4951.67 (Official Build) (64-bit)
G
Guru

i just typed “thisisunsafe”, it worked for me


wow, nice feature!
S
Saad Malik

To make even macOS Chrome show the "Proceed" link under advanced, make sure to create the certificate with the TLS Web Server Authentication in the X509 extensions.

Here's a oneliner to create with that extension:

openssl req \
  -newkey rsa:2048 \
  -x509 \
  -new \
  -nodes \
  -keyout server.key \
  -out server.crt  \
  -subj /CN=test1   \
  -sha256  \
  -days 3650  \
  -addext "subjectAltName = DNS:foo.co.uk,IP:127.0.0.1,IP:192.168.1.1" \
  -addext "extendedKeyUsage = serverAuth"

If you MacOS openssl does not have addext option, then use this alternate form:

openssl req \
  -newkey rsa:2048 \
  -x509 \
  -nodes \
  -keyout server.key \
  -new \
  -out server.crt \
  -subj /CN=test1 \
  -extensions v3_new \
  -config <(cat /System/Library/OpenSSL/openssl.cnf \
  <(printf '[v3_new]\nsubjectAltName=DNS:a.spectrocloud.com\nextendedKeyUsage=serverAuth')) \
  -sha256 \
  -days 3650

The key being extendedKeyUsage=serverAuth.


This was the answer I was looking for - adding the serverAuth EKU. Thanks.
I have to drop the -extensions v3_new for it to work in MacOS. Thanks
p
prisar

After a long search, I have found a solution. This solution is for mac.

First, got to settings. Search for manage certificates. KeychainAccess will open. Try to find the name of the certificate, for example localhost was the name in my case. If you click on the certificate it will show the details. Then the Trust section you have to select Always Trust for "when using this certificate". Now check in the browser again. You will directly be able to access the page. Privacy error, Your connection is not private message will not come.


S
Sebastian Ballarati

in MacOS Catalina I had it working by:

copy pasting the PEM certificate content into a text editor (such as vi) and saving it as a .pem file (e.g. localhost.pem) in finder, open the cert file you've just created and add it to the System Keychain a Keychain Access window will be show; open your localhost cert set "Always Trust" for Secure Sockets Layer (SSL) as depicted below

https://i.stack.imgur.com/3jmaN.png

That's it, refresh your browser and it should work just fine :)


R
Raj P

Make a browser trust an SSL certificate

In Chrome, we can write the following URL in the search bar: chrome://flags/#allow-insecure-localhost and activate the relative option.

courtesy:https://www.thomasvitale.com/https-spring-boot-ssl-certificate/


A
Aslam Maxmudov

Just click on "Not Secure" on search bar of chrome denial page , then click certificate, then you can see your certificate. click on Trust option do always trust.


D
DarioSoller

So after adding this question a colleague found this thread.

There seem to be two options to solve this issue:

Just install the certificate in MacOS key chain. Then double click on it and under "trust" select "always trust".

Generate a certificate according to the new MacOS Catalina specs.


I
Ilya

A possible solution is to launch Chrome with parameter "--ignore-certificate-errors".

Steps for Mac OS:

Close Chrome.

From the Finder, select “Go” > “Utilities“.

Launch “Terminal“.

Type the following command, then press “Enter“: /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ignore-certificate-errors &> /dev/null &

Solution from https://www.technipages.com/google-chrome-bypass-your-connection-is-not-private-message


This solves the problem, but always keep in mind that this solution changes chrom completely: Never open another tab to another internet site, as that will ignore certificate errors as well. It's a pitty that Chrome can not easily be told to accept site-specific certificate errors, as this is my PC, my Chrome and my IoT-device without any cloud.
Not supported on macOS ??
S
Shoaib Ahmad

I was struggling with same issue on multiple browsers. After banging my head around, I looked for any invalid certificate(s) or entries having red cross icon underneath, and deleted them. Afterwards, I never came across that error screen saying 'You connection is not private'

If you are on Mac, follow steps below:

Open Keychain Access

Select System Roots from left bar

Navigate to Certificates Tab

Locate any invalid certificate with red cross icon, Right click and hit Delete

And also follow:

Select System from left bar

Navigate to All Items and Passwords Tab(s)

Locate any invalid entry with red cross icon, Right click and hit Delete

Now refresh and see if it works for you.


U
Udara Seneviratne

This error can be simply bypassed by starting the chrome in insecure mode as follows.

google-chrome --args --disable-web-security --allow-running-insecure-content --user-data-dir=/tmp/chrome-insecure/ -ignore-certificate-errors

b
bownie

This worked for me in 2021 on my 2007 iMac:

https://www.youtube.com/watch?v=m3FgAztrYYo

Letsencrypt root certificate link is included.