Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

SSL Localhost Privacy error

I setup ssl on localhost (wamp), I made the ssl crt with GnuWIn32.

When I try to login with fb in Chrome I get the following message:

URL:

https://localhost/ServerSide/fb-callback.php?code=.....#_=_ 

Error:

Your connection is not private.
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_INVALID. localhost normally uses encryption to protect your information. When Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.

You cannot visit localhost right now because the website sent scrambled credentials that Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.

My SSL Config:

Listen 443     SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5     SSLPassPhraseDialog  builtin     SSLSessionCache        "shmcb:c:/wamp/www/ssl/logs/ssl_scache(512000)" SSLSessionCacheTimeout  300     <VirtualHost *:443>     DocumentRoot "c:/wamp/www" ServerName localhost:443 ServerAdmin [email protected] ErrorLog "c:/wamp/logs/error.log" TransferLog "c:/wamp/logs/access.log" SSLEngine on SSLCertificateFile "c:/wamp/www/ssl/ia.crt" SSLCertificateKeyFile "c:/wamp/www/ssl/ia.key" <FilesMatch "\.(cgi|shtml|phtml|php)$">     SSLOptions +StdEnvVars </FilesMatch> <Directory "c:/Apache24/cgi-bin">     SSLOptions +StdEnvVars </Directory>     BrowserMatch "MSIE [2-5]"  nokeepalive ssl-unclean-shutdown \          downgrade-1.0 force-response-1.0 CustomLog "c:/wamp/logs/ssl_request.log" \           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost>    

My question is how to setup valid SSL certificate on localhost? or do I need to edit my configuration?

like image 518
Ramo Toric Avatar asked Feb 22 '16 22:02

Ramo Toric


People also ask

Why does Chrome keep telling me my connection is not private?

A “your connection is not private” error means your browser cannot verify whether a website is safe to visit. Your browser issues this warning message to prevent you from visiting the site, because visiting an unsafe or unsecure site may put your personal information at risk.


1 Answers

In Chrome, you can use url chrome://flags/#allow-insecure-localhost to allow insecure localhost. Refer to this Stack Overflow for more information.

enter image description here


Update: arda-basoglu's steps are confirmed, this works, too:

  1. When you see "Your connection is not private...NET::ERR_CERT_INVALID" warning on Chrome,
  2. Just type "thisisunsafe" (anywhere...key listeners pick it up) and wait.
like image 133
WEBjuju Avatar answered Sep 20 '22 21:09

WEBjuju