I have created a self-signed SSL certificate for the localhost CN. Firefox accepts this certificate after initially complaining about it, as expected. Chrome and IE, however
UPDATED Apr 23/2020
https://www.chromium.org/Home/chromium-security/deprecating-powerful-features-on-insecure-origins#TOC-Testing-Powerful-Features
There is a secret bypass phrase that can be typed into the error page to have Chrome proceed despite the security error: thisisunsafe (in earlier versions of Chrome, type badidea, and even earlier, danger). DO NOT USE THIS UNLESS YOU UNDERSTAND EXACTLY WHY YOU NEED IT!
Source:
https://chromium.googlesource.com/chromium/src/+/d8fc089b62cd4f8d907acff6fb3f5ff58f168697%5E%21/
(NOTE that window.atob('dGhpc2lzdW5zYWZl') resolves to thisisunsafe)
The latest version of the source is @ https://chromium.googlesource.com/chromium/src/+/refs/heads/master/components/security_interstitials/core/browser/resources/interstitial_large.js and the window.atob function can be executed in a JS console.
For background about why the Chrome team changed the bypass phrase (the first time):
https://bugs.chromium.org/p/chromium/issues/detail?id=581189
For quick one-offs, if the "Proceed Anyway" option is not available and the bypass phrase is not working either, this hack works well:
Allow certificate errors from localhost by enabling this flag (note Chrome needs a restart after changing the flag value):
chrome://flags/#allow-insecure-localhost
(and vote-up answer https://stackoverflow.com/a/31900210/430128 by @Chris)
If the site you want to connect to is localhost, you're done. Otherwise, set up a TCP tunnel to listen on port 8090 locally and connect to broken-remote-site.com on port 443; ensure you have socat installed and run something like this in a terminal window:
socat tcp-listen:8090,reuseaddr,fork tcp:broken-remote-site.com:443
Go to https://localhost:8090 in your browser.
Similar to "If all else fails (Solution #1)", here we configure a proxy to our local service using ngrok. Because you can either access ngrok http tunnels via TLS (in which case it is terminated by ngrok with a valid certificate), or via a non-TLS endpoint, the browser will not complain about invalid certificates.
Download and install ngrok and then expose it via ngrok.io:
ngrok http https://localhost
ngrok will start up and provide you a host name which you can connect to, and all requests will be tunneled back to your local machine.
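Added example (not part of the original answer): because the allow-insecure-localhost flag is meant for quick one-offs, this Python check reports whether it is still set in a Chrome profile. It assumes flags are persisted in the "Local State" JSON file under browser.enabled_labs_experiments as "name" or "name@N" entries (1 = Enabled, 2 = Disabled); the sample inputs are constructed.

```python
import json
import sys

FLAG = "allow-insecure-localhost"

# Constructed sample "Local State" contents (not taken from a real profile).
SAMPLE_ENABLED = '{"browser": {"enabled_labs_experiments": ["allow-insecure-localhost@1"]}}'
SAMPLE_DISABLED = '{"browser": {"enabled_labs_experiments": ["allow-insecure-localhost@2", "other-flag"]}}'
SAMPLE_DEFAULT = '{"browser": {"enabled_labs_experiments": ["other-flag@1"]}}'


def flag_state(local_state_text, flag=FLAG):
    """Return 'enabled', 'disabled', 'default' or 'unreadable' for one flag."""
    try:
        state = json.loads(local_state_text)
    except json.JSONDecodeError:
        return "unreadable"
    browser = state.get("browser") if isinstance(state, dict) else None
    entries = browser.get("enabled_labs_experiments") if isinstance(browser, dict) else None
    if not isinstance(entries, list):
        return "default"
    for entry in entries:
        if not isinstance(entry, str):
            continue
        # Assumed entry format: "name" or "name@N" (1 = Enabled, 2 = Disabled).
        name, _, option = entry.partition("@")
        if name == flag:
            if option in ("", "1"):
                return "enabled"
            return "disabled" if option == "2" else "default"
    return "default"


if __name__ == "__main__":
    # Usage: python check_flag.py "/path/to/User Data/Local State"
    if len(sys.argv) == 2:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(FLAG, "is", flag_state(fh.read()))
    else:
        for sample in (SAMPLE_ENABLED, SAMPLE_DISABLED, SAMPLE_DEFAULT):
            print(flag_state(sample))
```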