WebView2 IgnoreHttpsError Demo - Ignoring HTTPS Certificate Errors

Overview

Demonstrates how to ignore HTTPS certificate errors in cWebView2Host, useful for accessing internal sites that use self-signed certificates.

Project Structure

Download Source [ Note: Re-register the DLL file in the bin directory ]

Source code is available in the VBMAN2 project's demos/webview2/ignoreHttpsError directory.

ignoreHttpsError/
  ├── Form1.frm              # Main form, containing certificate error bypass configuration
  ├── vbman2_webview2.vbp    # VB6 project file
  └── vbman2_webview2.vbw    # VB6 workspace file

Core Code Walkthrough

1. Declaration and Initialization (Form1.frm)

Dim WithEvents wv As cWebView2Host

Private Sub Form_Load()
    Set wv = New cWebView2Host
    wv.Initialize Me.hWnd, "https://cad.vb6.pro/"   ' Self-signed certificate site
End Sub

Uses WithEvents to receive the Create event. The target URL is a site using a self-signed certificate.

2. Configure Security Options in Create Event

Private Sub wv_Create()
    wv.Security.CertificateErrorAction = CEA_AlwaysAllow
End Sub

Key: Security options must be set in the wv_Create event, when WebView2 has been created but navigation has not yet truly started.

Feature Description

1. Certificate Error Bypass

   • CEA_AlwaysAllow enum value always allows certificate errors
   • Internally injects --ignore-certificate-errors into browser command-line arguments
   • Must be set before navigation starts

2. Three-Phase Initialization Pattern

   • Initialize(hWnd, url) → Create WebView2
   • wv_Create() → Configure security options
   • Auto-navigate → Page loads normally

3. Why Not Set in Form_Load

   • Initialize starts asynchronous WebView2 environment creation
   • Security settings need to take effect after environment creation but before navigation starts
   • wv_Create is exactly this time window

Technical Notes

1. CEA_AlwaysAllow Implementation: cWebView2Host injects the --ignore-certificate-errors Chrome command-line switch into AdditionalBrowserArguments. This is the most reliable approach, as CDP's Security.setOverrideCertificateErrors is unreliable in WebView2

2. Timing: Must be set in the wv_Create event. If set after this, the current navigation cannot be affected

3. Global Effect: This setting affects all subsequent navigations, not just the initial URL

4. Security Warning: Use this feature with caution in production environments; only use in trusted networks

Use Cases

1. Internal development environments using self-signed certificates
2. Test environments with improperly configured certificates
3. Enterprise intranets using private CAs
4. Debugging HTTPS-related issues

Extension Suggestions

1. Use conditional logic to enable certificate bypass only for specific domains
2. Production environments should use valid certificates rather than bypassing verification
3. Future ICoreWebView2_14 interface may support deeper certificate control