Self-Signed Certificate with HSTS Site and ZAP with Chrome

twitter logo github logo ・1 min read

If you happen to have problems with OWASP ZAP using Chrome and visiting a site that supports HSTS in Windows? Just follow theses steps:

  1. Enable unsafe renegotiation in ZAP
  2. Install Java Cryptography Extension (JCE) for your Java version. Here is the link for Java 8

    • Download and unzip the file.
    • Extract jce\local_policy.jar and jce\US_export_policy.jar from the archive to the folder %JAVA_HOME%\jre\lib\security, overwriting the files already present in the directory.
  3. Disable security in Chrome options.

    • Go to chrome://settings
    • Click on Protect you and your device from dangerous sites to disable it.
twitter logo DISCUSS
Classic DEV Post from Feb 25

The Best Way to Advance Your Career

Where I answer a query from one of my awesome readers about how to advance your career based on my experience.

GaMa profile image
Dev, Infosec

It's like Medium meets Reddit, but specifically for software developers. Sign up now ❤️

(And we're open source!)