I recently dedicated one PC on my home LAN as a Chrome 7 development server for migration of a Drupal 6 production website and find that the Chrome browser on my desktop cannot access the development website using either http or https and I think it may have something to do with HSTS and the server's self-signed certificate.
The server is named ASW.DEV and has a static IP LAN address which was added to my desktop's hosts file in Windows 7. I can access the website using IE and firefox browsers, and from chrome on my laptop, but not from the chrome browser on my desktop. When I navigate to ASW.DEV from my desktop, chrome gives me the following Privacy Error
- Privacy Error.jpg (20.98 KiB) Viewed 2723 times
and when I click on Advanced, the diagnostic message includes "You cannot visit asw.dev right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later." I do not see that HSTS is invoked anywhere in my Apache or SSL configuration, but when I check the Chrome browser's internal site settings with "chrome://net-internals/#hsts", I see that asw.dev and
http://www.asw.dev are both set to https only.
- HSTS restriction.jpg (25.79 KiB) Viewed 2723 times
Unfortunately entering either form of asw.dev in Chrome's "Delete domain security policies" does nothing. I checked to see if either domains might be in Google's "preloaded" list and they do not seem to be. So my conclusion is that something in my Desktop version of Chrome (Version 63.0.3239.40 (Official Build) beta 64-bit) is causing this problem and there are 3 options, each of which I tried without success:
1 - Remove HSTS restriction from Chrome (Doesn't work)
2 - Get Apache to serve valid https (Gives certificate error)
3 - Rebuild/reset the website's Self-Signed Certificate for https (Also gives certificate error)
4 - Rename the development website to get around the problem (Haven't done this yet)
If anyone has any ideas on how to correct this problem, I sure would appreciate the guidance. Thanks.
