I can’t use local file linking and launch Toolkit applications from Chrome

Overview

Sometimes in ShotGrid the action menu will not display the list of Toolkit applications available or will error when using local file linking, even with ShotGrid Desktop running. This is a guide to troubleshooting ShotGrid Desktop’s browser integration in Chrome and will hopefully help you get things working. We have a separate guide for Firefox.

Diagnosing the issue

Is ShotGrid Desktop running?

Yes, we know. You probably already checked. We had to ask. :)

Have you restarted Chrome since ShotGrid Desktop started?

If you have launched Chrome before allowing ShotGrid Desktop to register the certificate (this happens only the first time you launch ShotGrid Desktop and will not be an issue afterwards), Chrome will use an out-of-date copy of the certificates and will refuse to connect to ShotGrid Desktop. Closing all tabs will not necessarily close Chrome, so we recommend that you type chrome://restart in the address bar and hit enter. This ensures that all Chrome-related processes are terminated and that Chrome is then restarted.

Are you using firewall software?

Ensure that no firewall software is preventing connections to localhost or on port 9000.

Is Chrome rejecting the certificate?

You can verify that Chrome accepts the certificate by browsing to https://localhost:9000. This is the address the ShotGrid website tries to access in order to do local file linking and launch Toolkit applications. You should normally be greeted by this message:

Autobahn Python message

On the other hand, if you are greeted by one of these messages, it means there was a problem with the certificate registration process:

Your connection is not private message

Can't provide a secure connection message

How to quickly fix certificate issues

The easiest way to circumvent those issues is to click ADVANCED and Proceed to localhost (unsafe). This will let Chrome know that you are accepting the certificate nonetheless and will allow the ShotGrid website to communicate with ShotGrid Desktop.

Note: This only enables the connection between your web browser and ShotGrid Desktop. The trust setting lets traffic flow between these two applications; it does not imply trust of any other server on the internet. Unfortunately, this process needs to be repeated on every single computer with the problem. If this doesn’t solve the issue or you feel it would be too complicated to deploy to all your users, we recommend you take a look at the following steps.

Note: This quick fix is not applicable to the ERR_SSL_SERVER_CERT_BAD_FORMAT error; for that error you will need to regenerate the certificates, as outlined below.

Fixing NET::ERR_CERT_COMMON_NAME_INVALID and ERR_SSL_SERVER_CERT_BAD_FORMAT on all platforms

Chrome regularly upgrades its security around self-signed certificates and our browser integration is sometimes broken by these updates. Unfortunately, these sorts of issues can only be remediated by regenerating the certificate’s certificate_path.

To regenerate the certificates, you can pick the Regenerate Certificates option under the Advanced section of ShotGrid Desktop’s user menu. (If you don’t see this option, please make sure you update the tk-desktop engine to unlock it.)

After confirming that you want to regenerate the certificates, a series of dialogs will pop up, just like the first time you generated the certificates. On Windows and macOS, you will be prompted to update the Windows Certificate Store or the macOS keychain twice: once to remove the old certificate and once to register the new one. On Linux, the registration is done silently. Once this is done, let ShotGrid Desktop restart.

Once ShotGrid Desktop is back up and running, we recommend you restart Chrome by typing chrome://restart in the address bar to ensure that Chrome is completely shut down and that its certificate cache is cleared.

If your computer is not connected to the Internet and can’t download the updates, please visit our support site for help.

Fixing NET::ERR_CERT_AUTHORITY_INVALID on Windows

Under certain circumstances, Windows will report that a certificate has been imported successfully, but will not make it available to applications requiring it. This can be validated by visiting the certificate dialog on Windows. To access it, hit the Windows key and type Internet Options. On the Internet Properties dialog, switch to the Content tab and then click on the Certificates button. Finally, click on the Trusted Root Certification Authorities tab and look for localhost.

Search Windows for internet options

Content tab of the internet properties

Windows Certificates

If the entry is missing, there is probably a group policy issue on your Windows domain or local computer. If it is present, we recommend you contact our support team.
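A scripted version of the checks above for Windows, added here as an example (it is not part of ShotGrid Desktop or its documentation): it tests that localhost:9000 accepts a connection, reads the certificate presented there, and reports whether Windows trusts it and which Trusted Root store holds it. The function name Test-DesktopCertificate is hypothetical, and the .NET chain check approximates Chrome's verdict rather than reproducing it.

```powershell
# Added diagnostic example. localhost:9000 is the address given on this page;
# Test-DesktopCertificate is a hypothetical name, not a ShotGrid command.
function Test-DesktopCertificate {
    param([string]$HostName = 'localhost', [int]$Port = 9000)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Fails here if ShotGrid Desktop is not running or a firewall blocks the port.
        $client.Connect($HostName, $Port)
    } catch {
        return [pscustomobject]@{ Reachable = $false; Detail = $_.Exception.Message }
    }
    try {
        # Accept any certificate for this one handshake so it can be inspected;
        # no application data is sent over the connection.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $client.Close()
    }

    # Ask Windows whether the presented certificate chains to a trusted root.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # self-signed certificate, no revocation data
    $trusted = $chain.Build($cert)

    # Look for the same certificate (by thumbprint) in both Trusted Root stores.
    $stores = foreach ($location in 'LocalMachine', 'CurrentUser') {
        if (Get-ChildItem "Cert:\$location\Root" | Where-Object Thumbprint -eq $cert.Thumbprint) { $location }
    }
    # Subject Alternative Name extension: Chrome matches the host name against it.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

    [pscustomobject]@{
        Reachable      = $true
        Subject        = $cert.Subject
        NotAfter       = $cert.NotAfter
        SubjectAltName = if ($san) { $san.Format($false) } else { '(none)' }
        WindowsTrusts  = $trusted
        ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        InRootStores   = $stores -join ', '
    }
}

Test-DesktopCertificate | Format-List
```

Run it in PowerShell on the affected computer while ShotGrid Desktop is running. WindowsTrusts reported as False together with an empty InRootStores corresponds to the missing-entry case described above.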

At this point, we recommend that you communicate with the person who administers the Windows computers for your organization and ask that person about any group policies that could have been set that instruct Windows not to trust self-signed certificates.

Investigating Group Policy Issues

If your computer is on a domain, the administrator can try out the steps detailed in this StackExchange post.

If your computer is not on a domain, it is possible the computer has still been locked down by the administrator. For the following steps, you will need a Windows administrator account.

Hit the Windows key, type mmc and hit enter. This will launch the Microsoft Management Console. In the application, click on the File menu and select Add/Remove Snap-in. This will show the Add or Remove Snap-ins dialog. On the left-hand side, search for Group Policy Object Editor and click Add >. A new dialog will appear, which you can dismiss by clicking Finish. Finally, click OK on the Add or Remove Snap-ins dialog.

Microsoft Management Console Add Remove Snap-ins

Finally, on the left-hand side of the main dialog, navigate to Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/Public Key Policies. Once selected, double click Certificate Path Validation Settings in the central pane.

Certificate path validation settings

On the next dialog, make sure that Define these policy settings is unchecked. If it is checked, make sure that Allow user trusted root CAs to be used to validate certificates (recommended) is checked. Once you’re done, click OK and the settings will be saved.

At this point, you need to close all Chrome windows and restart Chrome. We recommend doing so with chrome://restart as we did above. This is required for the changes that have been made to take effect. Browsing to the certificates list should now show the localhost certificate.

If you still encounter issues using the browser integration after these changes, or if the settings were correct in the first place, please contact our support team.

Troubleshooting on other OSes

If you have issues with the ShotGrid Desktop integration on other OSes, please contact our support team so that we can assist you and update this article.

