Security Exceptions in Chrome/Firefox/Safari

[scottcurtis2605]

In the 'getting started' section, after navigating to the 'finish' directory and running the Maven command to start the server, the application metrics URL ('https://localhost:9443/metrics/application') causes a security exception in all three browsers. This does not occur with any of the other URLs in other guides.

While this is easy to bypass, it may be worth mentioning in the guide for less experienced users.

[evelinec]

I thought there was such message in the guide before. @andrewdes can you take a look and fix.

[andrewdes]

There will be a new function/fix for 18.0.0.3, so once that happens we will update the guide accordingly.

[evelinec]

Assign to @justineechen to see to double check with 18003.

[justineechen]

The security exception still occurs after 18003, this is the same security exception in Security Guide when users need to be authenticated.

[Joseph-Cass]

I'm running into this issue on Chrome, and the Visit this unsafe site option seems to have been removed in a Chrome update so I can't access the URL at all...

Your connection is not private
Attackers might be trying to steal your information from localhost (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_INVALID

It can still be bypassed on Safari and Firefox, for now, but my guess would be that they'll follow in the future.

[yeekangc]

Thanks, @Joseph-Cass. We will take a look.

[Joseph-Cass]

Thanks, @Joseph-Cass. We will take a look.

Thanks @yeekangc :) I have made a PR with one potential solution #102

[gkwan-ibm]

close

• dup of Confusion re login credentials to access metrics endpoint #77, also related to set authentication="false" or not set