Brave won't let me visit SSL site (at all), and I can't figure out how to bypass it

Hi all,

Every year or so I have to constantly figure out a way to “bypass SSL validation”. A few years ago, I was able to just simply pass the “–ignore-certificate-errors” to the Google Chrome browser and that worked for just a short period of time. Now I’m using Brave and I am having to figure out how to bypass SSL certificate errors.

I’m a consultant that uses Nessus on several customers’ networks and I am continuously unable to visit the Nessus web portal because of the localhost SSL certificate. I get the following error message:

# Your connection is not private

Attackers might be trying to steal your information from **localhost** (for example, passwords, messages, or credit cards). [Learn more](chrome-error://chromewebdata/#)

NET::ERR_CERT_INVALID

localhost normally uses encryption to protect your information. When Brave tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Brave stopped the connection before any data was exchanged.

You cannot visit localhost right now because the website sent scrambled credentials that Brave cannot process. Network errors and attacks are usually temporary, so this page will probably work later. 

Here’s the thing. As much as I appreciate everything that Brave does, I don’t care about SSL issues. I’m perfectly fine with it just warning me and letting me continue, but not allowing me to visit the site at all is completely inconvenient as I then have to fire up Firefox or Safari as a quick workaround.

Does anyone know how to permanently disable SSL certificate checking in Brave or know of a way that I can just at least have it present me the option to continue visiting the site?

I’m using the latest version of the Brave Browser (
Version 1.17.73 Chromium: 87.0.4280.67 (Official Build) (x86_64)
) and running on Mac OS Big Sur.

1 Like

I ran into this when I stood up a copy of a prod application in a virtual machine for testing scripts that I wrote. My work around was to port forward 443 from localhost to virtual machine running the test application, and then enable brave://flags/%23allow-insecure-localhost . That way it thought it was going to localhost, but it was really going to the server I needed to test.

Still, you should not have to do that much work to enable yourself to do your work.

Do you have an idea of how we can reproduce this? It sounds like the site you’re trying to access is local, so not Internet-accessible.

I bypass the TLS error on my router admin page all of the time, so it’s not a problem with all TLS errors. Is the site you’re trying to access using HTTP Strict Transport Security by any chance?

Another thing you could try is to go to brave://components and to manually update Certificate Error Assistant to see if you get a different TLS error message afterwards.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.