Unable to connect to site with self signed certificate

Hi!

New user with Brave, since the world is getting picky with compatibility for other browsers, so a Chromium-based browser is a must, and I will not touch Chrome (spyware/malware) with a 6-foot pole, and Brave is security/privacy-oriented, so seems to fit the bill for me!

After starting to use it, I ran into my first issue quickly! Was unable to access my Unifi controller, Edgerouter etc. Basically everything with a self-signed certificate. Yes, I did check/verify that it was not expired, yes I did check that SSL “Always trust” was set. Still I was unable to override, and I do not seem to be the only one with this issue:
https://community.brave.com/t/how-do-i-proceed-to-a-website-with-a-https-certificate-warnings/122999
https://community.brave.com/t/cant-connect-to-site-with-self-signed-certificate/251832

Both of these were unresolved and closed! I can also see that “fanboynz” tried to assist, but was unsuccessful!

The thing that caught my eye was the difference in the error that he saw compared to the people with the issue:
“Interesting, a difference between mine and yours, “NET::ERR_CERT_INVALID” vs “NET::ERR_CERT_AUTHORITY_INVALID”. What does Chrome show?”

So, I checked my keychain a second time, and tried setting all categories to “Always Trust”, and now the “Proceed to 192.168.1.200 (unsafe)” exception link showed up!

Then reverted the setting back to only having SSL “Always trust”, and the plan was to enable them one-by-one until I found the culprit that also needed to be on, but now it works with only SSL set to “Always trust”!

Screen Shot 2021-12-30 at 15.02.50

I am guessing this is due to an upgrade (“Catalina” to “Big Sur” to “Monterey” for me), where these settings might have become corrupt, and by flipping them, I refreshed the actual setting!

Hope anyone else out there with this issue finds this useful!

I own a unifi device (UDM Pro), and it’s a common error when logging in. Can’t “Always trust” this. Unless you upload your own SSL Cert. I don’t log in enough to worry about it. The same error message shows up on other browsers, not a Brave issue here.

Sorry, don’t get me wrong here, but this is nothing personal about you, I see you helping out a lot in the forum, but those 2 earlier threads went unresolved, you had come with suggestions in them, but issue was unresolved and I saw the same issue, and found a solution, and thought it might benefit someone else!

The problem is that the “Proceed to 192.168.1.200 (unsafe)” exception link never shows up, so one is unable to get to the login-page of the Edgerouter or unifi device (or whatever device with self-signed cert)!

Seems you have not been able to re-create it though. Never said anything about it being brave-specific, I saw you stating the same in the referred thread also. Sorry to say, but that did not help resolve the issue.

Hope you understand now!

Ah right, probably related to this report;

https://bugs.chromium.org/p/chromium/issues/detail?id=1095820

Yep, looks like the same issue, and Steve seems VERY frustrated! This is very understandable, but not very productive, as he is not providing any Wireshark log or detailed description/troubleshooting of the event. I do agree with him though, that for an admin of the device, one only cares about the encryption (which is still there with a self-signed cert), not whether the certificate is official or self-signed! It should not matter as long as the connection is on a private network! One should still be able to, via an exception, reach the login-page of the device with a self-signed cert! Also, rsleevi does not seem to understand the issue, probably based on his lack of logs. Again, the issue is left with no resolution in that ticket.

As stated in my first post in this thread, I believe it is an issue with the security-settings (permissions really) of the certificate in the keychain, where the permission has been un-set (but not represented in the GUI), most likely during the latest upgrade to Monterey. By flipping it, and re-saving the permissions, the correct permissions are brought back, and one is now able to proceed to the login-page of the device (with self-signed cert) with the “unsafe” exception.

Thanks Odin for sticking to the core issue. I’m also experiencing the same thing. However, I am still on Catalina 10.15.7 due to the age of my Mac. BUT I am able to reach the self-signed cert website via my Brave browser on my Ubuntu machine with no problems. The cert shows the same details as my Mac Brave browser, but Brave on MacOS will not load it. Gives the err_cert_invalid, while Linux gives err_cert_authority_invalid. Definitely annoying.

Have you tried flipping the settings in keychain, and then flip them back, and see if it resolves the issue? See my keychain screenshot above. That is what fixed it for me!