HTTPS for web applications is soon no longer an option, but a must-have. When you develop your application on your local machine, you may want to use a self-signet certificate. They cost you nothing and tools like Visual Studio create them on the first run in IIS Express. Everything would be great if current web browsers wouldn’t show you an error page like this one:
What can we do to use our self-signed certificate on our local machines and not compromise the security of our web browser?
(Just to be explicit: This is for development purposes only. Never to that in production!)
Easy fix for Chrome
In Chrome all you need to do is to open enter this URL chrome://flags/#allow-insecure-localhost into the address bar to find the configuration setting for allowing invalid certificates for localhost:
Click on Enable
and restart Chrome. From now on invalid certificates on localhost (and just on localhost) are ignored and you can develop with your self-signed certificate.
Exceptions for Firefox
In Firefox you need to whitelist every certificate. On the error page for the invalid certificate you find a button with the label Advanced
. Click it and then add an exception by clicking on the Add Exception
button.
You can now once more verify if this is the certificate you want and then explicitly click on Confirm Security Exception...
:
From now on your local certificate is accepted. If you no longer need this exception, you can click on the lock-icon in the address bar and remove it:
Conclusion
Self-signed certificates need a little work with your web browser. However, on localhost they have their place and can help you to start with HTTPS.
chrom://flags/#allow-insecure-localhost my computer no complit
Hi yogambar,
If you replace chrom with chrome and enter the URL into the address bar it should work. Be aware, clicking the link does not work, you must enter it yourself.
Regards,
Johnny