Recently, Chrome has stopped working with PCD. I cannot figure out why. I complains that the connection isn't private. I've tried adding the self signed cert to the trusted root cert authorities on Windows, and adding the ip address to the host file so I can put in the host name and it will match the cert.
Still doesn't work. I get the page below, and the advanced button is not clickable. None of the tricks (like typing thisisunsafe) work. Chrome version is 85.0.4183.121 (most current version).
Firefox works just fine. Is anyone else seeing this, and more importantly, does anyone know how to fix/bypass this?
Likely to fix it you should get the tomcat certificate signed by a internal CA. Can’t replicate your issue as we have our PCD cert signed by our internal CA as we’d don’t want to keep getting the security warning with self signed certs.
Just tried with Chrome and it does work for me, but oddly enough it gives the warning that the site is not safe even if the cert is signed by our own CA. It's like Chrome doesn't use the trust store on the PC any more.
Try the below.
Option 1 Prevent Warning
Windows
- Kill all instances of Google Chrome. You can do this in Windows by holding the Windows Key and pressing “R” to bring up the Run dialog, then running “tskill chrome*“
- Run Chrome using the “--ignore-certificate-errors” switch. You can do this one of two ways:
- Windows Key and pressing “R” to bring up the Run dialog, then type “chrome –ignore-certificate-errors” and select “OK”
- Make a new shortcut for Chrome that runs “chrome –ignore-certificate-errors” You can do this by:
- Right-click a blank area of the Desktop, then choose “Shortcut“.
- For the location, type “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe” –ignore-certificate-errors. Be sure to include the quotes.
- Select “Next“, name the shortcut, then select “Finish“. You can now use the new shortcut to launch Chrome and bypass certificate errors.
- If executed correctly, Chrome will have a yellow bar at the top of the screen that says “You are using an unsupported command-line flag”. You can close this warning and proceed browsing. You will no longer be bothered with certificate warnings.
Enabling Trust for a Self-signed Certificate on Chrome
A self-signed certificate is a certificate that is signed by itself rather than signed by a trusted authority. Therefore, a warning in the browser appears when connecting to a server that uses a self-signed certificate until it is permanently stored in your certificate store.
Procedure
- In the Google Chrome browser go the site to which you want to connect.A warning box appears to inform you that that the certificate is not trusted by the computer or browser.
Click the gray lock to the left of the URL, and then select the Details link. The Security Overview screen appears.
- Click the gray lock to the left of the URL, and then select the Details link.The Security Overview dialog appears.
- Click the View certificate button.The Certificate window appears with three tabs: General, Details, and Certification Path.
- Select the Details tab and click the Copy to Files button.
- Follow the wizard to save the certificate to a local file.Use the default format: DER encoded binary X.509 (.CER).
- Right-click the .CER file, and select Install Certificate.
- Select Trusted Root Certificate Authorities and click OK.Note: Do not let the wizard select the store for you.
A Security Warning dialog may appear. If it does, disregard this dialog by clicking the Yes button to install the certificate.
- Restart the browser and connect to the server.
- Open the URL authenticated by the certificate.If error messages do not appear, the certificate was successfully imported.
