Node-red-contrib-web-page-screenshot "Your connection is not private" Error

General
1

The tool "node-red-contrib-web-page-screenshot" has worked on every webpage I have tried it on, except the ones that throw a "Your connection is not private" certificate error.

I've tested http, https, http with atypical ports, https with atypical ports... all fine.. unless there is a cert error..

Directly from command line to a local machine that doesn't have a signed cert...
/usr/bin/chromium-browser --disable-gpu --headless --window-size=1920,1080 --ignore-certificate-errors --screenshot=/tmp/image2.png https://10.128.128.14/

I receive the following error:
[0529/205143.150969:ERROR:cert_verify_proc_nss.cc(998)] CERT_PKIXVerifyCert for 10.128.128.14 failed err=-8179

A file is still created, but it is just the site's background image and nothing else...
[0529/205143.409172:INFO:headless_shell.cc(619)] Written to file /tmp/image2.png.

The questions are:

  1. Any idea on how to bypass the "Your connection is not private" click to proceed error via the command line. With this I can work round the issue in the near term...

  2. Can the fix to the previous question be incorporated into this screenshot node?

As I said it works on most everything I've tested so its pretty solid, minus this certification issue.

Thanks!
MGarito

2

I read that there is an option (version dependent):

--allow-insecure-localhost
3

This would only help if the web server was running on the same system.

4

@mgarito As it's a local machine, would it be out of the question to configure it to use plain http (only for local connections if it's also accessed externally)?

5

Hi @ristomatti ,

  • Node-Red is running on an Ubuntu Server I manage.
  • The server I'm trying to generate a screenshot from is a Windows Server I also manage.
  • The services running on the Windows Server are mission critical so our security policy prevents me from running open-sourced tools local on the windows server.

The goal is to display the screenshots on a remote smart display in a sudo-public setting. Thus the topology is: Smart Display: request page <-> Node-Red: convert to screenshot <-> Windows Server

Unfortunately, allowing direct access between the smart display and the Windows server creates a security vulnerability, so this is the best work around I've been able to come up with so far. And I said it works for all sites that don't have the "Your connection is not private" certificate error.

Thanks!
MGarito