Skip to main content

Manage certificate warnings

Manage certificate security warnings in Google Chrome

Abstract

This page contains links to help manage certificate security warnings in Google Chrome.

Section

Description

Import CA certificate into OS

This section shows the best practice for managing certificate security warnings in Google Chrome

Problem: Chrome blocks web application

This section lists tips and tricks for using Google Chrome.

Production solution

This section provides a secure solution for a production environment.

Non-production workarounds

This section lists multiple solutions in more detail for when there are issues running a web app on Chrome.

Figure 1. Error page when Chrome will not run a web application
Error page when Chrome will not run a web application

You cannot visit localhost right now because the website sent scrambled credentials…



Quick solutions

This is a summary of solutions for when Google blocks access to web applications because of a certificate problem. For a more detailed version see Non-production workarounds.

If you are having trouble connecting FairCom application server, these solutions may be helpful:
  • When your connection is not private, type thisisunsafe and press ENTER.

  • Allow locally running web apps to have invalid certificates by putting the following URL in the Chrome browser chrome://flags/#allow-insecure-localhost.

  • Allow remotely running web apps to have invalid certificates (which is insecure) by running the Chrome application with the option --ignore-certificate-errors.

  • If the domain name localhost is not working, use the IP address 127.0.0.1.

  • If you have problems with Windows connecting to the proper domain (including localhost), Microsoft provides a resource explaining how Windows work with DNS.

  • Configure Chrome to allow HTTP.

  • Create a self-signed certificate and register it in Chrome.

This section provides a secure solution for a production environment (see Non-production workarounds for non-production environments).

When a web browser blocks browser-based applications, the only secure solution is for an administrator to get a public certificate and a private key from a trusted third-party certificate authority (CA) provider. The administrator can then configure the FairCom server to use the public certificate and private key.

This section is for users in a non-production environment.

Solution #1: thisisunsafe

  1. Click anywhere on Google Chrome browser's error page.

  2. Type thisisunsafe.

  3. Press Enter.

Solution #2: Always allow invalid certificates for localhost web apps

  1. Type or paste chrome://flags/#allow-insecure-localhost into the Chrome browser.

  2. Enable the setting Allow invalid certificates for resources loaded from localhost, by selecting Enabled from the drop-down menu.

    allowinvalidcertificatesforresourcesloadedfromlocalhost.png
  3. Click the Relaunch button to relaunch the browser.

    Relaunch.png

Solution #3: Always allow invalid certificates for all servers

Figure 2. Message Chrome displays when it loads
Message Chrome displays when it loads

You are using an unsupported command-line flag: --ignore-certificate-errors. Stability and security will suffer.



Launch Chrome with a CLI argument to allow invalid certificates:
  • For Windows:

    1. Create a shortcut with the following target:

      "C:\Program Files\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors

    2. Launch Chrome from the shortcut or run the target above from a command prompt.

  • For Mac, run the following command line:

    open -a Google\ Chrome --args --disable-web-security --allow-running-insecure-content

  • For Linux, run the following command line:

    google-chrome --disable-web-security

Configure Chrome to allow HTTP

This procedure shows you how to connect to FairCom's database browser-based tools over HTTP using http://127.0.0.1:8080/ when the database is running on your local computer.

Note

As of 2020, the Google Chrome web browser automatically redirects all HTTP URLs to HTTPS. This is known as HSTS.

While this is a great security feature, it can cause issues for developers QA engineers, and testers who are testing the user interface of application servers running on their local computer

To stop Google Chrome from automatically redirecting HTTP URLs to HTTPS for localhost follow these steps:
  1. Type or paste chrome://net-internals/#hsts into the Chrome browser.

  2. In the textbox under the Delete domain security policies section type localhost.

  3. Click the Delete button.

Note

This only changes the setting for the localhost domain. It does not compromise the security for the other domains.

Configure Chrome to allow an invalid HTTPS certificate

This procedure shows you how to connect to FairCom's database browser-based tools over HTTPS using https://127.0.0.1:8443/ when the database is running on your local computer.

You can configure Chrome to revert to its original behavior of displaying a warning page when you go to a website that has an invalid certificate. On the warning page, you can choose Advanced Options and go to the site, or you can choose not to go to the site.

Note

As of 2020, the Google Chrome web browser prevents users from going to a website that has an invalid certificate.

While this is a great security feature, it can cause issues for developers QA engineers, and testers who are testing the user interface of application servers running on their local computer

To configure Chrome follow these steps:
  1. Type or paste chrome://flags/#allow-insecure-localhost into the Chrome browser.

  2. Enable the setting Allow invalid certificates for resources loaded from localhost, by selecting Enabled from the drop-down menu.

    allowinvalidcertificatesforresourcesloadedfromlocalhost.png

When visiting a site that has an invalid certificate, Chrome will display the message "Not secure" next to the URL, as shown in Figure 3, “Google Chrome when visiting a site with an invalid certificate. When you hover over the Not secure icon, you can see the notification of the invalid certificate. This is expected since the FairCom database cannot ship with a certificate that works with your local computer.

Note

It is safe to connect locally to a FairCom database with a valid certificate.

Figure 3. Google Chrome when visiting a site with an invalid certificate
Google Chrome when visiting a site with an invalid certificate


In a production environment where applications and users are allowed to connect from other computers, FairCom's default certificate must be replaced with a valid certificate from the customer.