Can not access hopsworks with chrome browser

Yingding · December 11, 2021, 10:45am

I got really a hard time to connect to my on-prem hopsworks 2.4 from a chrome browser.

Before I have renewed the SSL Glassfish certificate, I managed to open hopsworks with “thisisunsafe” trick in Chrome. Now I added a SSL wildcard certificate, which I got the following error from my tcp request, it has something to do with strict-origin-when-cross-origin policy.

I can open my on-prem hopsworks both with Firefox and Safari and my custom SSL Cert is also recognised by Firefox and Safari.

Has anyone experienced the same issue like me with chrome browser? I have already cleared all my chrome history, clear my mac’s DNS, the dig call findes the feature store hosts. The network cache is also disabled in chrome, disable cache (while DevTools is open) is also activated in Chrome dev tool.

Yingding · December 11, 2021, 7:27pm

I finally figured out what happend, would like to share. I installed hopsworks with single host option without ssl, and added my company’s 256bit encrypted SSL cert to the glassfish keystore.

The Glassfish has a default cypher suit 128Bit, which results in a SSL/TLS v1.2 Connect with 128Bit encryption. And Google Chrome and Microsoft Edge consider TLS connect with 128Bit encryption unsafe, which are not the case for Firefox and Safari.

My solution was change the Cypher Suit for the HTTPS Listener in Payara Glassfish Admin Panel to TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA and restart the glassfish-domain1 service. After that the chrome browser can access my on-prem hopsworks with my custom SSL Cert.