How to force Chrome to save passwords on self-signed or broken SSL?

I have searched for a way to do this and never found a good answer, though there have been tickets created in the past (#142818 & #405549).

Apparently, the chromium devs never created a chrome://flags override for "broken" SSL with password saving. This would seem to be the easiest way to fix this annoying "feature" (via flags). I DO understand completely why they block it by default.

Since there is no override to my knowledge, I had assumed that you would need to import the given self-signed certificate to a trusted root area in (Windows) store. This does not appear to work either.

Has anyone been able to get this to work? I can live with the warning - just not the lack of password saving. I spend most of my workday in a dev environment and need to keep re-entering passwords dozens of times a day (copy/paste).

5

6 Answers

I did not know about this option before today, but it appears that Chrome does have a flag for allowing insecure certificates from the localhost origin. This option is available from the chrome://flags/#allow-insecure-localhost page:

Screenshot

This will only help you for self-signed certificates on the localhost origin, and I have not tested it to see if it actually fixes your problem with the password manager, but it looks promising.

8

Alternatively, you can start Chrome with a command line switch --unsafely-treat-insecure-origin-as-secure="" or go to chrome://flags/#unsafely-treat-insecure-origin-as-secure and enter your unsafe origin, e.g. .

3

Navigate to chrome://flags/#allow-insecure-localhost.

Then click "Enable".

Just be extremely wary that this is a major security flaw.

Edit: Linking to chrome://flags/ no longer works due to the fact that Chrome no longer allows hyperlinks to the Chrome protocol due to security regarding the use of url encoding in hyperlinks to the protocol. Certain url-encoded strings would crash older versions of Chrome. Rather than fixing this issue, they completely eliminated the option for hyperlinks. So just navigate to that location by copying and pasting the link.

2

i suggest you to use macro (iMacros) instead break the security default of chrome and that's better to protect you from virus

edit:

  • download iMacros chrome extension
  • install it
  • create chrome new tab
  • open i macros
  • then move To record section and press record
  • at new tab go to login page
  • fill your username and password
  • press login
  • then stop record and save page

and voila now you can play your recorded macro in bookmark section to login effortlessly

1

None of these worked for me, I ended up following a combination of the powershell answers from here adding the -NotAfter flag as well, slightly modified to use copy and paste from comments instead of exporting the cert. Once I had all this working for the correct domains, chrome stopped saying the cert was invalid and prompted to save password.

To Create the new certificate for your specific domain:

Open Powershell ISE as admin, run the command:

New-SelfSignedCertificate -DnsName *.mydomain.com, localhost -CertStoreLocation cert:\LocalMachine\My

To trust the new certificate:

  • Open mmc.exe
  • Go to Console Root -> Certificates (Local Computer) -> Personal
  • Select the certificate you have created, copy
  • Go to Console Root -> Certificates -> Trusted Root Certification Authorities, paste

To bind the certificate to your site:

  • Open IIS Manager
  • Select your site and choose Edit Site -> Bindings in the right pane
  • Add new https binding with the correct hostname and the new certificate
1

chrome://flags/#legacy-tls-enforced

Whit this chrome flag set to disabled chrome ignore security enforcement and enable password manager on tls 1.0 sites too.

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like