chrome-How to solve the 'no proceed to xxx link shown' issue when using chrome to access a website with a private self-signed certificate?

1. Purpose

In this post, I would demo how to solve the no proceed to xxx link shown problem when using chrome to access a website with a private self-signed certificate :

2. Environment

  • Chrome

3. The problem

Normally, when we try to access a website with self-signed certificate, we would get this warning:

Chrome proceed unsafe

But sometimes, we get the following warning , it does NOT have the proceed to xxx(unsafe) link!!!

Chrome proceed unsafe

4. The Solution #1

Click any position in the window of chrome (not at the address), and input: thisisunsafe

Just use the keyboard to enter thisisunsafe on the current page, instead of typing in the address bar, just type on the keyboard, and the page will automatically refresh to enter the web page

Why does this work? According to Barry Pollard’s answer:

The security interstitial bypass keyword hasn’t changed in two years and awareness of the bypass has been increased in blogs and social media. Rotate the keyword to help prevent misuse.

If you are using this when using a self-signed certificate for local testing then why not just add your self-signed certificate certificate to your computer’s certificate store so you get a green padlock and do not have to type this? Note Chrome insists on a SAN field in certificates now so if just using the old subject field then even adding it to the certificate store will not result in a green padlock.

You can get more information from this web page.

Why does this work?

Because Chrome does not trust these self-signed ssl certificates, for the sake of security, access is directly prohibited. Thisisunsafe command indicates that you have understood and confirmed that this is an unsafe website. If you still want to visit it, give it to you.

5. The solution #2

If a website has https redirect enabled, when you visit a website, such as http://xxx.io, the first time you visit, the server will send a redirect to chrome, and then chrome will jump Go to the domain name of “https://xxx.io”. When you next visit, even if you open “http://xxx.io”, this time without using the server, chrome will automatically help you access “https://xxx.io”. Although this feature is great, it is sometimes bad for the development process, so you need to delete this automatic jump (the professional term is HSTS).

1) Enter “chrome://net-internals/#hsts” in the address bar, check if the hsts exist.

image-20210826212837914

2) If exist, then delete the HSTS record.

6. Summary

In this post, I demonstrated how to fix the proceed not shown chrome issue.