After upgrading to 0.57 on Macintosh 10.14.1 I am unable to turn off Shields Up for an internal (home network) website (my Fortinet Firewall). I can disable on other websites.
When I try to turn off ‘Shields’ the button will move toward ‘off’, but then spring back to on/enabled. The browser refreshes the page but I cannot turn them off. In the past I was unable to use Brave to access the firewall web pages because they did not fully load. The browser shows the pages as insecure because the firewall uses a self signed certificate which is not trusted.
See screen shot.
I expect to see ‘Shields Down’ when I choose to turn it off.
This problem is consistent for the firewall web site.
Thank you for the response.
I can’t see that Shields is blocking anything. On some pages I get a spinning (wait) circle which means I have to use a different browser to view the data.
@stuberman,
It seems like there are two separate issues happening here:
Shields will not go down when toggled to “off”
You’re unable to access your local site due to a certificate issue
So since they’re separate (but possibly related), lets address them as such:
The Shields don’t drop for that site when toggled off. Can you confirm that Shields do work with respect to on/off for websites other than the local site you’re attempting to access? Additionally, if you toggle/alter the individual protections within the panel, do they take effect?
Since you’re using macOS, you can manually permit sites with self-signed or untrusted certificates. To do so, try the following:
Navigate to Settings --> Advanced --> Privacy and Security --> Manage Certificates
When you click Manage Certificates, your Apple Keychain should appear
Now, return to your local site in which the certificate is untrusted and click the lock icon on the left-hand side of the address bar and click “Certificates”:
From here (and yes, this is definitely less-than-intuative), click and drag the image of the certificate into your keychain (you can also drag it to your desktop and double-click, but this will open Keychain anyway).
After dragging the cert into keychain or double-clicking cert on the desktop, keychain will ask you if you’d like to import the cert. Do so, and ensure that you have System selected in the dropdown menu.
Click “Always Trust” to complete certificate import
Once done, the last step (extra precaution, really) is to go back to keychain, open the cert in question, expand the Trust section, and change the SSL setting here to “Always Trust”.
The above steps should allow you to access the webpage without navigating around the untrusted certificate. Let me know if this works for you and what you find when fiddling with the Shields settings.
Regarding the certificate: I have already trusted the self-signed certificate and I can go to the site by accepting the warnings. I also used a localhost entry to go to the site using the common name on the certificate. This does not clear up the "not secure’ warning and according to the referenced link, it is because the certificate does not have an “alternate name” listed. Frankly this does not bother me and it does not stop me from reaching the firewall web site.
The real issue is with the “Shields Up” toggle which does not allow me to toggle it to “down”. I can slide it about half way to off but it snaps back to on.
@stuberman,
Apologies for giving you information you already knew!
Shields panel not toggling down is…weird. I’ve reached out to some team members to see if anyone has seen this behavior before and what may be causing it. I’ll let you know as soon as I have more information.
