Self-Signed Certificate with HSTS Site and ZAP with Chrome

twitter logo github logo ・1 min read

If you happen to have problems with OWASP ZAP using Chrome and visiting a site that supports HSTS in Windows? Just follow theses steps:

  1. Enable unsafe renegotiation in ZAP
  2. Install Java Cryptography Extension (JCE) for your Java version. Here is the link for Java 8

    • Download and unzip the file.
    • Extract jce\local_policy.jar and jce\US_export_policy.jar from the archive to the folder %JAVA_HOME%\jre\lib\security, overwriting the files already present in the directory.
  3. Disable security in Chrome options.

    • Go to chrome://settings
    • Click on Protect you and your device from dangerous sites to disable it.
twitter logo DISCUSS
Classic DEV Post from Nov 22 '18

Choose Your Own (Career) Adventure

If you could be doing more of something or less of something, what would it be?

GaMa profile image
Dev, Infosec

👋 Hey reader.

Do you prefer sans serif over serif?

You can change your font preferences in the "misc" section of your settings. ❤️