Saturday, February 18, 2017

Chrome NET::ERR_CERT_REVOKED for a revoked certificate

connecting Chrome to a local development WebLogic that was using a WebServer certificate that was revoked in the CRL list, I got this message:

Your connection is not private Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_REVOKED Automatically report details of possible security incidents to Google. Privacy policy ReloadHide advanced localhost normally uses encryption to protect your information. When Google Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged. You cannot visit localhost right now because this certificate has been revoked. Network errors and attacks are usually temporary, so this page will probably work later.

Once I started Chrome with "chrome.exe --ignore-certificate-errors" the connection is accepted, I just get a warning "you are using an unsupported command-line flag: --ignore-certificate-errors. Stability and security will suffer "

No comments: