2

In Firefox I can go to a test local server:

https://localhost:3000/

However in Chrome I get this error:

Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_INVALID

This is on my localhost and I have even manually added the self-signed certificate to Chrome.

I followed these directions here:

and this is the screen were I added the cert:

enter image description here

favor
  • 355
  • 2
  • 13
  • 1
    Google pushed a new **pos** feature (IMHO) that blocks all self-signed certificates, and all encryption below TLSv1.2 in the latest version of the browser. It is a pain for test or dev sites, or older sites and consoles. Nothing you can do about it. It was updated yesterday on all PC at work this weekend, it caused a small panic! – Nic3500 Mar 01 '22 at 08:21
  • What is this new pos feature? Is there a google doc online I can read? – favor Mar 02 '22 at 04:51
  • oups sorry, pos == piece of s...t :) you can look at the release notes from google. – Nic3500 Mar 02 '22 at 06:43
  • oh ... pos, means point of sale to me ... I found this bizarre setting in Chrome ... chrome://flags/#allow-insecure-localhost ... on this post ... https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate – favor Mar 05 '22 at 22:56
  • ah, I will try this out, but form what I was told, this workaround was not available anymore. I'll confirm on Monday at work. – Nic3500 Mar 06 '22 at 00:30

1 Answers1

1

I had the same issue. But a bit different scenario.
For my self-signed server certificate I have NET::ERR_CERT_AUTHORITY_INVALID, but for another client certificate I have NET::ERR_CERT_INVALID (this does not allow to proceed)

I was generated these certs with help of KeyStore Explorer app. And there you can add already prepared template like 'SSL Server' or 'SSL Client': ui with templates

So, 'SSL Server' had expected ERR_CERT_AUTHORITY_INVALID warning and SSL Client has the error from the topic. (ERR_CERT_INVALID) The difference is in the option of "Extended Key Usage" extension.
enter image description here

Artem Goncharenko
  • 71
  • 1
  • 6