No “Proceed Anyway” option on NET::ERR_CERT_INVALID in Chrome on MacOS
I try to get my local development in Chrome back running, but Chrome prevents that, with the message that the certificate is invalid. Even though it could not be the date of the certificate, as you can see in the screenshot of it:
I just wonder why there is no advanced > option to proceed anyway to see the website and being able to locally develop the app.
A few more things to mention:
- The local development runs on https://local.app.somecompany.com:4200/. It can't be just localhost, because otherwise our authentication http-only cookies won't work in Chrome.
- Therefore the host file under etc/hosts was adjusted to point to the localhost IP adress (127.0.0.1).
- The certificate was generated with openssl according to this tutorial and this repo
- The certificate works for a colleague with the exact same Chrome version but with a MacOS version 10.14.6 (mine right now is MacOS 10.15.1)
- The chrome flag(chrome://flags/#allow-insecure-localhost) does not change anything
- Also works in firefox on my laptop.
Can't find anything online that helped me to solve this so far, so I would be extremly thankful, if anyone has some more ideas what I could try!?
Specs:
- OS: MacOS 10.15.1
- Chrome: 78.0.3904.97
Solution 1:
FYI: Chrome on MacOS treats this different than Windows. MacOS version won't see the proceed button even you click advanced button.
To still proceed the visit as you are sure this page is safe, here is a easy way to do:
There's a secret passphrase built into the error page. Just make sure the page is selected (click anywhere on the screen), and just type
thisisunsafe.
Ref: https://twitter.com/zairwolf/status/1196878125734486021
Solution 2:
There is a hidden way to bypass that error, even if no button allows it. Of course, this should be used for your own sites only – where you are perfectly sure that site is not hacked, but simply local and therefore without a valid internet certificate.
Simply click anywhere on the denial page and type “thisisunsafe”.
Sounds crazy, but works to bypass chrome’s supervision of your safety. Chrome should get kicked for not accepting the certificate of devices in my local network. This is not IoT, this is "Ny Net"!
Solution 3:
This solution worked for me.
- Right click, select inspect element
- click on console tab
- Copy paste
sendCommand(SecurityInterstitialCommandId.CMD_PROCEED)press Enter
Boom! it should load the page :)
Solution 4:
To make even macOS Chrome show the "Proceed" link under advanced, make sure to create the certificate with the TLS Web Server Authentication in the X509 extensions.
Here's a oneliner to create with that extension:
openssl req \
-newkey rsa:2048 \
-x509 \
-new \
-nodes \
-keyout server.key \
-out server.crt \
-subj /CN=test1 \
-sha256 \
-days 3650 \
-addext "subjectAltName = DNS:foo.co.uk,IP:127.0.0.1,IP:192.168.1.1" \
-addext "extendedKeyUsage = serverAuth"
If you MacOS openssl does not have addext option, then use this alternate form:
openssl req \
-newkey rsa:2048 \
-x509 \
-nodes \
-keyout server.key \
-new \
-out server.crt \
-subj /CN=test1 \
-extensions v3_new \
-config <(cat /System/Library/OpenSSL/openssl.cnf \
<(printf '[v3_new]\nsubjectAltName=DNS:a.spectrocloud.com\nextendedKeyUsage=serverAuth')) \
-sha256 \
-days 3650
The key being extendedKeyUsage=serverAuth.
Solution 5:
After a long search, I have found a solution. This solution is for mac.
- First, got to settings.
- Search for manage certificates. KeychainAccess will open.
- Try to find the name of the certificate, for example localhost was the name in my case. If you click on the certificate it will show the details.
- Then the Trust section you have to select Always Trust for "when using this certificate".
- Now check in the browser again. You will directly be able to access the page. Privacy error, Your connection is not private message will not come.