Getting Chrome to accept self-signed localhost certificate

Question

I have created a self-signed SSL certificate for the localhost CN. Firefox accepts this certificate after initially complaining about it, as expected. Chrome and IE, however

Answer 1

If you're on a mac and not seeing the export tab or how to get the certificate this worked for me:

1. Click the lock before the https://
2. Go to the "Connection" tab

3. Click "Certificate Information"

   Now you should see this:

4. Drag that little certificate icon do your desktop (or anywhere).

5. Double click the .cer file that was downloaded, this should import it into your keychain and open Keychain Access to your list of certificates.

   In some cases, this is enough and you can now refresh the page.

   Otherwise:

6. Double click the newly added certificate.
7. Under the trust drop down change the "When using this certificate" option to "Always Trust"

Now reload the page in question and it should be problem solved! Hope this helps.

---

Edit from Wolph

To make this a little easier you can use the following script (source):

1. Save the following script as whitelist_ssl_certificate.ssh:

   #!/usr/bin/env bash -e
   
   SERVERNAME=$(echo "$1" | sed -E -e 's/https?:\/\///' -e 's/\/.*//')
   echo "$SERVERNAME"
   
   if [[ "$SERVERNAME" =~ .*\..* ]]; then
       echo "Adding certificate for $SERVERNAME"
       echo -n | openssl s_client -connect $SERVERNAME:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | tee /tmp/$SERVERNAME.cert
       sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" /tmp/$SERVERNAME.cert
   else
       echo "Usage: $0 www.site.name"
       echo "http:// and such will be stripped automatically"
   fi
   

2. Make the script executable (from the shell):

   chmod +x whitelist_ssl_certificate.ssh
   

3. Run the script for the domain you want (simply copy/pasting the full url works):

   ./whitelist_ssl_certificate.ssh https://your_website/whatever