Remove a pinned certificate from Firefox and Chrome

Created:

Introduction

HSTS or certificate pinning is a security policy to avoid man in the middle attacks. Sometimes you want to debug application with a proxy and HSTS will avoid the developer to debug the web application with firefox or chrome. In this short guide we explain how to disable certificate pinning for Firefox and Chrome.

How to Remove a pinned certificate from Firefox

  1. Quit Firefox
  2. Open the file named "SiteSecurityServiceState.txt" in the Firefox profile you are using. Default location is ~/.mozilla/firefox).

How to Remove a pinned certificate from Chrome

  1. Go to the URL chrome://net-internals/#hsts
  2. Now delete the related domain