Allow self-signed certs for specific hosts

Description of the issue:
I’m trying to get rid of the " Your connection is not private" warning for a specific host other than localhost when accessing a website using a self-signed ssl certificate.

How can this issue be reproduced?

  1. Access any website that uses a self-signed certificate.

Expected result:
Not see the " Your connection is not private" warning for that specific website(and port number combination ideally but less important).

Brave Version( check About Brave):
Version 1.56.14 Chromium: 115.0.5790.114 (Official Build) (64-bit) *Maybe make that easier to copy

Additional Information:
I use a lot of apps that are located on my local network server that have web UIs and some of them force me to use https and every time I have to login, I get the annoying warning " Your connection is not private

Attackers might be trying to steal your information from my.local.server.ip (for example, passwords, messages, or credit cards). Learn more

NET::ERR_CERT_AUTHORITY_INVALID"
I know it’s safe since I’m the one hosting it and it’s just wasting my time constantly having to click away that warning so I’d very much like to get rid of it.

I tried :

  • Set “Insecure content” to allow in site settings but that did not get rid of it.
  • Enable the flag “Allow invalid certificates for resources loaded from localhost.” but I assume that only works for localhost and my stuff is on a different local network pc.
  • Enable the flag “Insecure origins treated as secure” and add “https://my.local.server.ip” as the value(where “my.local.server.ip” is my actual local server ip, not that text to be clear) but that also did not help.

Those are all the potential solutions I found with my head and from searching the forum but there are so many threads of people asking for this and just being closed with no reply that it’s not very encouraging and seems kinda crazy it’s not an obvious toggle somewhere since it’s kind of a very common issue for anyone running a home lab or being a web dev.

Seen this before, comes from chromium upstream. A fix would need to land here first.

When clicking Advanced → Proceed to example.com (unsafe) the warning doesn’t show afterwards, at least not in Nightly.
That’s what it does if you go to https://badssl.com/ and test the self-signed certificate, when you click proceed, the next time there is no warning anymore because the information will be will added to Preferences files about it:

image

BTW, it is valid for 7 days, but we have to guess you can extend it by modifying the expiration time.

and if you want to restore the warning you have to click the Site Information button and enable it there with Turn on warnings, which deletes the information from preferences file.

image

So it should work? I guess? maybe it is a Nightly thing and it is just something that was added recently? I am not sure. but I am just saying what happens when you proceed in Nightly.

If not, what about using --ignore-certificate-errors ?

If it’s only valid for 7 days, I wouldn’t call that not showing up anymore, I’m pretty sure my apps stay logged in for longer than that so I see it every time.

I’m looking for a forever solution since nothing is going to change, ever, so why ask every week?

I searched the preferences files to see if modifying the expiration time would work but neither of the 2 entries in there for the site had it in there.

Looks like the “Insecure origins treated as secure” flag is adding a popup every time saying it’s unsecure so that’s useless even if it would work since I have to waste time closing that every time too or leave it be an annoying waste of space.
Same issue with “–ignore-certificate-errors”, which does work, but annoys every time.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.