Make Chrome Accept a Self-Signed Certificate (on OSX)

If your organization is like most, it will have sites that use a self-signed certificate (or one issued by an untrusted authority).

From Wikipedia:

In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. This term has nothing to do with the identity of the person or organization that actually performed the signing procedure. In technical terms a self-signed certificate is one signed with its own private key.

Chrome doesn’t trust such a certificate by default because no authority it already trusts has vouched for it: Chrome has no way to verify that the certificate is being sent by the server that generated the key, and therefore can’t ensure that the server actually is the one the certificate claims it is.

So when you go to the site, you get the scary-looking screen that warns you that your connection might not actually be secure (because self-signed certificates are more vulnerable to a man-in-the-middle attack).

To get past this error, you can click the little “Advanced” link, to again be warned about the error, and then click the scary link that allows you to proceed to the unsafe site.

Along with the warning (and the whole time you are on this unsafe site), you’ll also see the crossed-out lock icon, and the “https” in the address bar will be red and struck through.

To correct this, you need to import the certificate into your keychain (Chrome uses the standard Mac security). The first step is to click on the lock icon with the red ‘x’ on it.

Click on the “Certificate Information” link to bring up the certificate’s details.

Now comes the less-than-intuitive part: grab the certificate image and drag it to your desktop (or, if you have Keychain open, you can just drag it there).

If you placed the certificate on your desktop, double-click it to start the import process, and be sure to select “System” in the Keychain drop-down.

You’ll then get prompted for your password, and Keychain should open asking you if you want to trust the certificate.

To complete the import, just click the “Always Trust” button. If they’ve created the certificate for SSL, that would be all you need to do. However, most of the time it’s just a simple X.509 certificate, which means you have to tell your machine to trust it for SSL.

So from Keychain, reopen the certificate, expand the Trust section, and change the SSL setting to “Always Trust”.

Close the dialog to save the changes (you’ll be prompted for your password again), and that’s it. If you refresh the browser window you should see the happy green lock.

If you don’t see the green lock, just restart Chrome (which you can do by typing “chrome://restart” into the address bar).
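The same import can be done from Terminal, with one check the GUI steps leave out: comparing the certificate’s SHA-256 fingerprint against a value obtained from the site’s administrator before trusting it. This is an added example, not part of the original post; the script name, the host name and the administrator-supplied fingerprint are assumptions, while `openssl` and `security add-trusted-cert` are the standard macOS command-line tools.

```shell
#!/bin/sh
# Added example (not from the original post): check a self-signed certificate's
# fingerprint, then trust it for SSL only in the System keychain.
# Usage (hypothetical script name): ./trust-cert.sh intranet.example.com <sha256>

# Normalise a fingerprint: drop colons and whitespace, uppercase the hex digits.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\n' | tr 'a-f' 'A-F'
}

# Succeed only if the first value is a well-formed SHA-256 fingerprint equal to the second.
fp_matches() {
  fp_a=$(normalize_fp "$1"); fp_b=$(normalize_fp "$2")
  [ "${#fp_a}" -eq 64 ] || return 1
  case "$fp_a" in *[!0-9A-F]*) return 1 ;; esac
  [ "$fp_a" = "$fp_b" ]
}

# Save the certificate the server presents on port 443 as a PEM file.
fetch_cert() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM >"$2"
}

# Print the SHA-256 fingerprint of a PEM file (the text after "Fingerprint=").
cert_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

main() {
  host=$1; expected=$2
  pem=$(mktemp) || return 1
  fetch_cert "$host" "$pem" || { echo "could not fetch certificate" >&2; return 1; }
  if ! fp_matches "$(cert_fp "$pem")" "$expected"; then
    echo "fingerprint mismatch: not trusting $host" >&2
    rm -f "$pem"; return 1
  fi
  # System keychain, as in the GUI steps; trust is limited to the SSL policy.
  sudo security add-trusted-cert -d -r trustRoot -p ssl \
    -k /Library/Keychains/System.keychain "$pem"
  rm -f "$pem"
}

# Run only when called with a host and an expected fingerprint.
if [ "$#" -eq 2 ]; then main "$@"; fi
```

Get the expected fingerprint through a channel other than the connection being checked (for example, read out by the administrator), since a man-in-the-middle can present its own certificate on that connection.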



