I can't use local file linking and launch Toolkit applications from Chrome

Overview

Sometimes in Shotgun the action menu will not display the list of Toolkit applications available or will error when using local file linking, even with Shotgun Desktop running.  This doc is a guide to troubleshooting Shotgun’s connection to Desktop and will hopefully help you get things working.

Diagnosing the issue

Is Shotgun Desktop running?

Yes, we know. You probably already checked. We had to ask. :)

Have you restarted Chrome since Shotgun Desktop started?

If you have launched Chrome before allowing the Shotgun Desktop to register the certificate (this happens only the first time you launch the Shotgun Desktop and will not be an issue afterwards), Chrome will use an out of date copy of the certificates and will refuse to connect to the Shotgun Desktop. Closing all tabs will not necessarily close Chrome, so we recommend to type chrome://restart in the address bar and hit enter. This will ensure that all Chrome related processes will be terminated and Chrome then restarted.

Are you using firewall software?

Ensure that no firewall software is preventing connections to localhost or on port 9000.

Are you hosting your own Shotgun server?

If you are self-hosting your Shotgun server, i.e. not a shotgunstudio.com site, you need to tell the Shotgun Desktop browser integration which domain can access it. To know if you are running into this error, simply open up the Shotgun Desktop console and look for Invalid domain: xxx errors.

To fix this, you need to edit the toolkit.ini file. For example, if your local Shotgun server is shotgun.mydomain.com, you can add the following to the file:

[BrowserIntegration]
whitelist=shotgun.mydomain.com

Is Chrome rejecting the certificate?

You can verify that Chrome accepts the certificate by browsing to https://localhost:9000, which is the address the Shotgun website tries to access in order to do local file linking and launch Toolkit applications. You should normally be greeted by this message:

Screen_Shot_2016-12-12_at_07.38.04.png

On the other hand, if you are greeted by one of these two messages, it means there was a problem with the certificate registration process: 

Screen_Shot_2016-12-12_at_07.30.25.pngScreen_Shot_2017-04-25_at_21.48.39.png

How to quickly fix certificate issues

The easiest way to circumvent this issue is to click ADVANCED and Proceed to localhost (unsafe). This will let Chrome know that you are accepting the certificate nonetheless and will allow the Shotgun website to communicate with the Shotgun Desktop application. Note that this only enables the connection between your web browser and Shotgun Desktop. The trust setting just lets traffic flow between these two applications, it does not imply trust of any other server on the internet. Unfortunately, this process needs to be repeated on every single computer with the problem. If this doesn't solve the issue or you feel it would be too complicated to deploy to all your users, we recommend you take a look at the following steps.

Fixing NET::ERR_CERT_COMMON_NAME_INVALID on all platforms

Chrome recently upgraded its security around self-signed certificates and our browser integration has fell victim to this update. We've since released an update to the Shotgun Desktop that addresses this issue. In order to get the fix, first launch the Shogun Desktop and login to ensure you have downloaded the most recent updates. Once updated, you can close the application. You then need to delete the certificates that are currently on your computer. These are stored at

Windows: %APPDATA%\Shotgun\desktop\config\certificates
macOS: ~/Library/Caches/Shotgun/desktop/config/certificates
Linux: ~/.shotgun/desktop/config/certificates

Once this folder has been deleted, simply restart the Shotgun Desktop. On Windows and macOS, you will be prompted to update the Windows Certificate Store or the macOS keychain twice: once to remove the old certificate and once to register the new one. On Linux, the registration is done silently. At this point you should be good to go. Restart Chrome by typing chrome://restart in the address bar to ensure that Chrome is completely shut down and that its certificate cache is cleared.

If your computer is not connected to the Internet and can’t download the updates, please contact support@shotgunsoftware.com.

Fixing NET::ERR_CERT_AUTHORITY_INVALID on Windows

Under certain circumstances, Windows will report that a certificate has been imported successfully, but will not make it available to applications requiring it. This can be validated by visiting the certificate dialog on Windows. To access it, hit the Windows key and type Internet Options. On the Internet Properties dialog, switch to the Content tab and then click on the Certificates button. Finally, click on the Trusted Root Certification Authorities and look for localhost.

Screen_Shot_2016-12-12_at_08.01.19.png Screen_Shot_2016-12-12_at_08.03.30.png Screen_Shot_2016-12-12_at_08.10.22.png

If the entry is missing, there is probably a group policy issue on your Windows domain or local computer. If it is present, we recommend you contact our support team.

At this point, we recommend that you communicate with the person who administers the Windows computers for your organization and ask that person about any group policies that could have been set that instructs Windows not to trust self-signed certificates.

Investigating Group Policy Issues

If your computer is on a domain, the administrator can try out the steps detailed in this StackExchange post (gotta give credit where credit is due).

If your computer is not on a domain, it is possible the computer has still been locked down by the administrator. For the following steps, you will need a Windows administrator account.

Hit the Windows keys, type mmc and hit enter. This will launch the Microsoft Management Console. In the application, click on the File menu and select Add\Remove Snap-In. This will show the Add or Remove Snap-ins dialog. On the left-hand side, search for Group Policy Object Editor and click Add >. A new dialog will appear, which you can dismiss by clicking Finish. Finally, click OK on the Add or Remove Snap-ins dialog.

Screen_Shot_2016-12-12_at_08.53.51.png

Finally, on the left-hand side of the main dialog, navigate to Local Computer Policy/Computer Configuration/Windows Settings/Security Settings/Public Key Policies. Once selected, double click Certificate Path Validation Settings in the central pane.

Screen_Shot_2016-12-12_at_08.57.59.png

On the next dialog, make sure that Define these policy settings is unchecked. If it is checked, make sure that Allow user trusted root CAs to be used to validate certificates (recommended) is checked. Once you're done, click OK and the settings will be saved.

At this point, you need to close all Chrome windows and restart Chrome. We recommend doing so with chrome://restart as we did above. This is required for the changes that have been made to take effect. Browsing to the certificates list should now show the localhost certificate.

If you still encounter issues using the browser integration after these changes, or if the settings were correct in the first place, please contact our support team.

Troubleshooting on other OSes

If you have issues with the Shotgun Desktop integration on other OSes, please contact our support team so that we can assist you and update this article.

 

 

Follow

0 Comments

Please sign in to leave a comment.