How to resolve the 'no proceed to xxx link shown' issue when using chrome to access a website with a private self-signed certificate?

Feb 5, 2025

Cowrie

Dev @ Bswen

1. Purpose

In this post, I will demonstrate how to resolve the no proceed to xxx link shown issue when using Chrome to access a website with a private self-signed certificate.

2. Environment

• Chrome

3. The Problem

Normally, when we try to access a website with a self-signed certificate, we would get this warning:

However, sometimes, we get the following warning, which does NOT have the proceed to xxx(unsafe) link:

4. Solution #1

Click anywhere in the Chrome window (not in the address bar) and type: thisisunsafe.

Simply use the keyboard to enter thisisunsafe on the current page. You do not need to type it in the address bar. Once you type it, the page will automatically refresh and allow you to proceed.

Why does this work?

According to Barry Pollard’s answer on Stack Overflow:

The security interstitial bypass keyword hasn’t changed in two years, and awareness of the bypass has been increased in blogs and social media. Rotate the keyword to help prevent misuse.

If you are using this when using a self-signed certificate for local testing, why not just add your self-signed certificate to your computer’s certificate store? This will give you a green padlock, and you won’t have to type thisisunsafe. Note that Chrome now insists on a SAN field in certificates. If you are only using the old subject field, even adding it to the certificate store will not result in a green padlock.

You can find more information on this web page.

Security Consideration

Chrome does not trust self-signed SSL certificates for security reasons. The thisisunsafe command indicates that you understand and confirm that the website is unsafe. Use this method only if you are certain about the risks.

5. Solution #2

If a website has HTTPS redirect enabled, when you visit a website (e.g., http://xxx.io), the server will send a redirect to Chrome, and Chrome will automatically jump to https://xxx.io. On subsequent visits, even if you type http://xxx.io, Chrome will automatically redirect you to https://xxx.io. While this feature is useful, it can be problematic during development. To resolve this, you need to delete the HSTS (HTTP Strict Transport Security) record.

1. Enter chrome://net-internals/#hsts in the address bar to check if the HSTS record exists.

2. If the HSTS record exists, delete it.

6. Summary

In this post, I demonstrated how to resolve the no proceed to xxx link shown issue in Chrome when accessing a website with a private self-signed certificate. The first solution involves typing thisisunsafe to bypass the security warning, while the second solution involves deleting the HSTS record if it exists. Both methods are useful for developers working with self-signed certificates during development.

Final Words + More Resources

My intention with this article was to help others who might be considering solving such a problem. So I hope that’s been the case here. If you still have any questions, don’t hesitate to ask me by email: Email me

Here are also the most important links from this article along with some further resources that will help you in this scope:

• 👨‍💻 Chrome self-signed certificate Documentation
• 👨‍💻 Stack Overflow discussion on bypassing Chrome certificate errors

Oh, and if you found these resources useful, don’t forget to support me by starring the repo on GitHub!

Tags:

• chrome
• ssl

How to use applicationContext.xml in springboot and how to override bean values