Chrome headless doesn't recognize custom CA on Linux
Reported by
a...@rigo.sk,
Sep 14 2017
|
|
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36 Steps to reproduce the problem: 1. Create a custom CA, add it to ~/.pki/nssdb 2. Create an SSL cert, sign it with the new CA. 3. Serve (I'm using grunt-contrib-connect) with the specified SSL cert + CA 4. Run webdriver tests with and without the --headless chrome command line arg (I'm using chromedriver version 2.32.498513) What is the expected behavior? It should load the webpage in both cases. What went wrong? * It fails to load the page with the --headless argument added and it logs ERR_INSECURE_RESPONSE error. The screenshot is a white blank page. * It loads other pages successfully with the --headless argument (over HTTPS) * It loads the locally served page successfully without the --headless argument. Did this work before? N/A Does this work in other browsers? N/A Chrome version: 61.0.3163.79 Channel: beta OS Version: Debian Jessie Flash Version:
,
Nov 20 2017
In Windows I have found a similar issue just when running headless Chrome in Session 0 (Windows Service). If I run headless Chrome from another Session, then it recognizes the custom CA ok. The only problem is that I do not get it to log ERR_INSECURE_RESPONSE, just the white blank page response. I've tested it using real CA, and it works ok.
,
Aug 29
Just noting that I was able to successfully populate the nssdb and use it to connect both to a server with a self-signed cert as well a server with a custom CA. Chromium version 68.0.3440.75-1~deb9 |
|
►
Sign in to add a comment |
|
Comment 1 by skyos...@chromium.org
, Sep 14 2017Status: Available (was: Unconfirmed)