Author: David FinsterLast Updated: Mon, Apr 12, 2021
Many applications, including some Vultr One-Click apps deploy with self-signed TLS/SSL certificates to protect your traffic when performing the initial configuration. When you connect, you may encounter a browser warning. This guide explains how to move past the browser warning and connect to the site.
Firefox has the most straightforward warning screen to navigate.
Click Accept the Risk and Continue.
You can bypass the security warning in Safari with a few mouse clicks.
You'll see a dialog titled This Connection Is Not Private. Click Show Details to expand the dialog.
Click the visit this website link.
A new dialog appears. Click Visit Website.
You'll be prompted to make changes to your Certificate Trust Settings. Use your Touch ID or enter your password.
You'll be able to proceed to the site.
If you want to revoke the certificate, launch Keychain Access and delete the certificate in the login keychain.
In the last few versions, Chrome has made it more difficult to bypass the invalid certificate warning. On Windows you may still have a Continue to ... link when you click the Advanced button, but on macOS there is no button or link to bypass the warning.
Instead, you have to type a magic phrase. There's no input field; just click the page to make sure it has focus, then type:
This magic phrase isn't officially documented, but you can find it buried in the Chromium source code as a base64 encoded string.
At one point in the past, the magic phrase was
badidea, and the Chromium developers may change it again in the future. If you discover that
thisisunsafe has stopped working, please let us know.
If you've used the
thisisunsafe trick and need to re-enable the warnings, click the Not Secure flag in the address bar, then click Re-enable warnings in the information panel.
Brave is a Chromium-based browser. The warning looks the same as Chrome, and the magic phrase is the same:
Edge is a Chromium-based browser with a slightly different screen. You can still click a link to bypass.
You can also use the magic phrase:
Opera is a Chromium-based browser. The warning screen looks a little different but uses the same magic phrase:
HTTPS requires a TLS/SSL certificate, and if you have a domain name for your site, you can get a free Let's Encrypt certificate. However, some sites don't have domain names, or maybe you haven't set it up yet. In those cases, you can use a self-signed certificate. Self-signed certificates allow the server to encrypt the web traffic, but a certificate authority hasn't signed them.
At one time, HTTPS protocol was unusual enough that popular browsers would warn, You are about to view pages over a secure connection. To turn this warning off, you had to check the do not show this warning box.
Fortunately, we've moved past that. Most websites use HTTPS by default, and modern browsers will warn you if they don't.