Accessing Websites With Self-Signed Certificates on Chrome

In January 2024, Google will roll out Manifest V3, which means that you will no longer be able to use extensions that run Manifest V2. When this happens, there will be some changes in how Web Password Filler works with websites with self-signed certificates.

Below you will find some of the differences between how Web Password Filler handled websites with self-signed certificates on Manifest V2 and how they will be handled on Manifest V3.

Working With Self-Signed Certificates on Manifest V2

With Secret Server URLs that had self-signed certificates, Web Password Filler would load the self-signed urls (e.g. local sites("https://localhost/somesite") and users would get an error and they would be redirected to that same URL in another tab. This other tab would display the following error: net::Err_CERT_COMMON_NAME_INVALID. If Web Password Filler accepted the certificate, the extension was allowed to proceed further. Below you can find the steps that reproduce this error:

  1. Load local sites("https://localhost/somesite")

alt

  1. User would encounter the certificate error displayed below:

alt

  1. After clicking Continue users would be redirected to another tab where they would see the following error message: net::Err_CERT_COMMON_NAME_INVALID

alt

  1. After clicking Advanced Web Password Filler is able to accept the self-singed certificate and the extension is allowed to proceed further.

Working With Self-Signed Certificates on Manifest V3

With Secret Server URLs that had self-signed certificates, Web Password Filler:

  1. Loads the self-signed urls e.g. local sites("https://localhost/somesite")
  2. Users still get an error in the extension and are redirected to that same URL on another tab.
  3. On the other tab users get the following error net::Err_CERT_COMMON_NAME_INVALID
  4. If Web Password Filler accepts the certificate, the extension will continue to display the same error
  5. Web Password Filler is not able to make any API calls to Secret Server
  6. The extension is not allowed to proceed further

A workaround for a self-signed certificate issue in Manifest V3 is that the user needs to setup a local CA