browse
We now have a more manageable and enduring solution for this issue that applies to all sites. While the information provided below remains relevant, we suggest exploring the permanent fix by installing the Cisco Root CA, as detailed in this article:
https://docs.umbrella.com/product/umbrella/rebrand-cisco-certificate-import-information/
This page is a guide for when a certificate error for *.cisco.com appears in Chrome (for Windows), but it is not able to be bypassed by adding a certificate exception.
The cause of this message is the implementation of HTTP Strict Transport Security (HSTS) or pre-loaded Certificate Pinning in modern browsers which enhances their overall security. This extra security for HTTPS pages prevents the Umbrella block page and bypass block page mechanism from working when HSTS is active for a website. For more information about HSTS, please refer to this article.
Note:
Due to changes in HSTS, the Block Page Bypass (BPB) system does not work with certain sites due to non-bypassable certificate errors. In order to allow these sites to work with BPB in Chrome (for Windows), you must use a special switch when starting the browser. Some common sites that will not work with BPBin Chrome include: Facebook, Google Sites such as Gmail and YouTube, Dropbox and Twitter. For a full list of sites, please read here.
Disabling Chrome Certificate Checks (Windows Only)
To force Chrome to ignore these errors, you'll need to set your shortcut for Chrome to launch the application with the following switch:
--ignore-certificate-errors
Note that Google may choose to remove this feature at any time and thus it is only recommended as long as it is available:
To add this command line flag to Chrome, right-click the Chrome icon shortcut, select "Properties" and add it to the and selecting "Properties", then adding it to the Target as shown below:
Once this flag is added, you can use BPB normally on the sites in the pre-loaded HSTS list to be able to bypass them.
In the example above, although twitter.com is on the HSTS preloaded list, by ignoring the certificate warning we can use Block Page Bypass as designed.