Permanent Certificate exceptions

Something that’s been getting really annoying is how all of the browsers have gone to trying to ‘save the users from themselves’ by removing the ability to add permanent exceptions for a site that has an ‘invalid’ certificate. If you’ve ever worked with iDRACs, vCenter or some other internal, non public facing device or machine that uses SSL and doesn’t REALLY need to have a ‘legit’ certificate (Or can’t have a real, publicly trusted cert because it’s and internal .local domain), you probably know what I mean.

Might it be possible to enable/re-enable/create the ability to store permanent certificate exceptions like used to be possible with all browsers, or even better, that and the ability to whitelist by IP address or range, so that if the name of the machine being accessed returns an IP that’s whitelisted (or if you’re accessing directly by IP), the certificate is automatically considered safe? Even if the option to enable this was buried somewhere deep so it’s less likely to be enabled ‘by accident’, I imagine pretty much anyone in IT that routinely deals with devices like mentioned would love for this ability to return.

1 Like