Forum Discussion

adipose's avatar
adipose
Brass Contributor
May 02, 2019

Ability to save passwords for sites with invalid SSL certs

See here for a bug that has been ignored by Google for 4.5 years:   https://bugs.chromium.org/p/chromium/issues/detail?id=431618   The ability to save passwords for sites is a convenience that mo...
Eric_Lawrence's avatar
Eric_Lawrence
Icon for Microsoft rankMicrosoft
Feb 25, 2021
If the Self-Signed certificate is properly imported into the Trusted CA store, and if there are no other errors in the certificate (e.g. expired, name mismatch, etc), then the site will load without errors or security warnings in Edge, and the password manager will permit you to save the password for later use.
goodwill1120's avatar
goodwill1120
Copper Contributor
Feb 28, 2021

Eric_Lawrence We are not asking for a workaround. Of coz I know make my cert valid is going to solve this. The problem is there are plenty of reasons why the cert is invalid and they can be perfectly intentional (or I should say not something I consider need to fix), so why block a feature when I know what I am really doing?

  • Eric_Lawrence's avatar
    Eric_Lawrence
    Icon for Microsoft rankMicrosoft
    Feb 28, 2021
    goodwill1120: As noted immediately above, not everyone recognized that a workaround is available, and some are delighted to have one.

    The problem isn't the scenario where you have decided not to fix the security threat; the problem is the scenario where the user is actively under attack and does not recognize the implications of, say, clicking through a certificate error "just to see". You can follow the conversation in https://crbug.com/431618.
    • mateo_ca's avatar
      mateo_ca
      Copper Contributor
      Jul 07, 2024

      You're stuck in the box... This is not a security problem, this is a "we don't give a poop" problem.

    • adipose's avatar
      adipose
      Brass Contributor
      May 06, 2023
      And how does refusing to save the password mitigate the risk of that scenario?

Resources