No “Proceed Anyway” option on NET::ERR_CERT_INVALID in Chrome on MacOS
Solution 1
FYI: Chrome on MacOS treats this differently than Windows. On the MacOS version you won't see the proceed button even if you click the advanced button.
To still proceed with the visit, as you are sure this page is safe, here is an easy way to do it:
There's a secret passphrase built into the error page. Just make sure the page is selected (click anywhere on the screen), and just type thisisunsafe.
Ref: https://twitter.com/zairwolf/status/1196878125734486021
Solution 2
There is a hidden way to bypass that error, even if no button allows it. Of course, this should be used for your own sites only – where you are perfectly sure that site is not hacked, but simply local and therefore without a valid internet certificate.
Simply click anywhere on the denial page and type “thisisunsafe”.
Sounds crazy, but works to bypass chrome’s supervision of your safety. Chrome should get kicked for not accepting the certificate of devices in my local network. This is not IoT, this is "Ny Net"!
Solution 3
This solution worked for me.
- Right click, select inspect element
- click on console tab
- Copy paste sendCommand(SecurityInterstitialCommandId.CMD_PROCEED)
- press Enter
Boom! it should load the page :)
Solution 4
I just typed “thisisunsafe”, it worked for me
Solution 5
To make even macOS Chrome show the "Proceed" link under advanced, make sure to create the certificate with the TLS Web Server Authentication in the X509 extensions.
Here's a one-liner to create it with that extension:
openssl req \
-newkey rsa:2048 \
-x509 \
-new \
-nodes \
-keyout server.key \
-out server.crt \
-subj /CN=test1 \
-sha256 \
-days 3650 \
-addext "subjectAltName = DNS:foo.co.uk,IP:127.0.0.1,IP:192.168.1.1" \
-addext "extendedKeyUsage = serverAuth"
If your MacOS openssl does not have the addext option, then use this alternate form:
openssl req \
-newkey rsa:2048 \
-x509 \
-nodes \
-keyout server.key \
-new \
-out server.crt \
-subj /CN=test1 \
-extensions v3_new \
-config <(cat /System/Library/OpenSSL/openssl.cnf \
<(printf '[v3_new]\nsubjectAltName=DNS:a.spectrocloud.com\nextendedKeyUsage=serverAuth')) \
-sha256 \
-days 3650
The key being extendedKeyUsage=serverAuth.
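A check for the extensions Solution 5 relies on, as an added example that is not part of the original answers: it reads a certificate with openssl and reports whether extendedKeyUsage lists serverAuth and whether the subjectAltName covers the host being served. The function names and the make_test_cert fixture are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original answers): pre-flight check of a dev cert.
# Usage: sh this_script.sh server.crt foo.co.uk   (script name is hypothetical)

# Exit 0 if the Extended Key Usage extension lists serverAuth.
cert_has_server_auth() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Extended Key Usage' |
        grep -q 'TLS Web Server Authentication'
}

# Exit 0 if subjectAltName has NAME as an exact DNS or IP entry
# (wildcard entries are not expanded; the CN is not consulted).
cert_covers_name() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' |
        grep -qxF -e "DNS:$2" -e "IP Address:$2"
}

# Report both checks for CERT and HOST; return 0 only if both pass.
check_dev_cert() {
    rc=0
    cert_has_server_auth "$1" || { echo "FAIL: no extendedKeyUsage=serverAuth"; rc=1; }
    cert_covers_name "$1" "$2" || { echo "FAIL: $2 not in subjectAltName"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $1 has serverAuth and covers $2"
    return "$rc"
}

# Constructed fixture: self-signed cert carrying the given extension lines,
# written through a config file so it also works where -addext is missing.
make_test_cert() {  # make_test_cert PREFIX "extension lines"
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=test1\n[ext]\n%s\n' \
        "$2" > "$1.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -config "$1.cnf" -extensions ext \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

if [ "$#" -eq 2 ]; then check_dev_cert "$1" "$2"; fi
```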
DarioSoller
Updated on April 21, 2022
Comments
-
DarioSoller about 2 years
I try to get my local development in Chrome back running, but Chrome prevents that, with the message that the certificate is invalid. Even though it could not be the date of the certificate, as you can see in the screenshot of it:
I just wonder why there is no advanced > option to proceed anyway to see the website and being able to locally develop the app.
A few more things to mention:
- The local development runs on https://local.app.somecompany.com:4200/. It can't be just localhost, because otherwise our authentication http-only cookies won't work in Chrome.
- Therefore the host file under etc/hosts was adjusted to point to the localhost IP address (127.0.0.1).
- The certificate was generated with openssl according to this tutorial and this repo
- The certificate works for a colleague with the exact same Chrome version but with a MacOS version 10.14.6 (mine right now is MacOS 10.15.1)
- The chrome flag (chrome://flags/#allow-insecure-localhost) does not change anything
- Also works in firefox on my laptop.
Can't find anything online that helped me to solve this so far, so I would be extremely thankful if anyone has some more ideas what I could try!?
Specs:
- OS: MacOS 10.15.1
- Chrome: 78.0.3904.97
-
Павле almost 4 years
Since July 2020 the problem also occurs on Windows in Chromium-based browsers and Firefox.
-
Ilfat Galiev over 4 years
Thanks! It was useful. Do you know any way to make custom certificates as trusted for browser? Adding to keychain doesn't help.
-
austinthedeveloper over 4 years
Chrome 80.0.3987.87 just made this solution more annoying. It still works but every time my application is updated or the page is refreshed, the "unsafe" screen shows.
-
alex3410 about 4 years
I normally get the proceed link in Chrome on Mac but it's not appearing today for some reason, this solution is fantastic, thank you for sharing
-
Harinder almost 4 years
Works! But there has to be a better way. Safari gives me a proceed button, why does Chrome not allow that?
-
Rebecca over 3 years
This is the most useful thing on the internet! Thanks!
-
marty331 over 3 years
Genius! I cannot believe that works but I'm very happy it does.
-
A.Veryga over 3 years
OMG! It really helped me!
-
aarosil over 3 years
Amazing! I guess Chrome team feels only users who know stackoverflow / twitter should be trusted to be allowed to proceed
-
carpii over 3 years
"There's a secret passphrase built into the error page" - Oh wow, this is awesome. Thanks!
-
yrk over 3 years
This is so "iddqd"!
-
dossy over 3 years
This was the answer I was looking for - adding the serverAuth EKU. Thanks.
-
farukg over 3 years
haha so nice, thx!, how did you find out, though ^^? You did code that part right ? :D
-
harrrrrrry over 3 years
Duplication of stackoverflow.com/a/58957322/3657140
-
newbreedofgeek over 3 years
What?! I thought it was a joke but it worked! How did you discover this easter egg
-
Daniel Wabyick over 3 years
This is just insane.
-
Mayur about 3 years
just loved the answer... amazing :-)
-
Tom Stein about 3 years
This solves the problem, but always keep in mind that this solution changes Chrome completely: Never open another tab to another internet site, as that will ignore certificate errors as well. It's a pity that Chrome can not easily be told to accept site-specific certificate errors, as this is my PC, my Chrome and my IoT-device without any cloud.
-
xjlin0 about 3 years
not working on my Chrome Version 89.0.4389.128 (Official Build) (x86_64) :(
-
Gianluca Ghettini about 3 years
Amazing! Thank you for the "thisisunsafe" method. That was a It really shows how broken security is on the web !
-
Joy about 3 years
Amazing! Out of the world! hahaha..This actually works!
-
Ilir about 3 years
How do I revert this? It redirects me to a website I've never seen before, so I'm paranoid and I want to revert it. I'm on Mac.
-
fartwhif about 3 years
I would have suggested google,thisisstupid_stahppit also, it's hilarious that they presume the local clock is wrong instead of the cert is "very expired", statistically speaking it makes sense, but really, if you can't trust the local clock in this case why would you be able to trust it if it's aligned to be within the certificate's window...
-
pdwalker about 3 years
this also works for the v3.8x version of vivaldi.
-
WestCoastProjects about 3 years
Not supported on macOS ??
-
WestCoastProjects about 3 years
Does not work on chrome Version 91.0.4472.77 (Official Build) (x86_64) on macOS ;(
-
Yash almost 3 years
Wow. Thanks. This is insane. Worked fine on Version 92.0.4515.131 (Official Build) (x86_64) Mac
-
Milena Schmidt almost 3 years
That really works for me - chrome version 92.0.4515.159. Thank you!
-
Rakshitha Muranga Rodrigo over 2 years
This worked for me. Thanks. Saved the day. I'm using MacOS BigSur 11.6 and Chrome Version 94.0.4606.71 (Official Build) (x86_64)
-
Shubham Namdeo over 2 years
This one made my day! :D
-
truthadjustr over 2 years
I have to drop the -extensions v3_new for it to work in MacOS. Thanks
-
mwfearnley over 2 years
At time of writing, the cheat code (BYPASS_SEQUENCE) is encoded in base64 at github.com/chromium/chromium/blob/…
-
mblakesley over 2 years
thisisinsane.
-
Hasan Civelek over 2 years
Oha! I can't believe this really works. Thanks man!
-
Alex Ivasyuv about 2 years
wow, nice feature!
-
mwfearnley about 2 years
For what it's worth, I have encountered this error on Mac and Windows. I think the conditions for triggering this particular error may vary though, depending on the OS.
-
GrafiCode about 2 years
This is still valid in 2022. I can't believe my eyes.
-
OG Sean about 2 years
did not work for me in chrome Version 101.0.4951.67 (Official Build) (64-bit)
-
OG Sean about 2 years
this did not work for me in Version 101.0.4951.67 (Official Build) (64-bit)
-
obe6 about 2 years
.... ok, BUT is there a way to bypass this without digit thisisunsafe every time I visit the site? I tried to flag "always trust" in the certificate but this is not sufficient.