Trust self signed Cert in Chrome macOS 10.13

I'm trying to always trust a self signed certificate but I'm having issues.

For one, when I try to drag the certificate to a folder or desktop, it just doesn't do anything. I can do the same from safari to save the certificate, but not chrome.

And when I dragged that certificate to keychain access, added it, and trusted it, it worked in safari after that. But still not chrome.

How can I get a cert from chrome and have it always be trusted on macOS 10.13?

cclloyd

Posted 2018-09-20T03:14:14.780

Reputation: 331

I think it depends on the User Agent. A command line tool, like curl, openssl and wget, will root trust in a self signed certificate. However, I believe some browsers, like Chrome and Firefox, generally require you to root trust in a CA certificate. (And then the CA certificate would issue a end-entity/server certificate for the domain). – jww – 2018-10-06T12:03:19.437

Answers

From your description, it seems to me that you have installed the certificate as a simple X.509 certificate, but have not set it to be trusted for SSL.

To do that, from the keychain, reopen the certificate, expand the Trust section, and change the SSL setting to "Always Trust"

Close the dialog to save the changes (you’ll be prompted for your password again). If you refresh the browser window you should see the happy green lock:

If you don’t see the green lock, just restart Chrome or type chrome://restart into the address bar.

harrymc

Posted 2018-09-20T03:14:14.780

Reputation: 306 093

I know how to trust it once I have the cert, but the issue is Chrome won't save the cert. I drag it into keychain access, finder, something, and just... nothing happens. – cclloyd – 2018-09-30T21:46:02.410

Here is a complete article about the procedure. Please add to your what you exactly you did and whether the results look like the screenshots in the article. – harrymc – 2018-10-01T07:53:08.107

When I try to drag the certificate anywhere (desktop, downloads, keychain access), nothing happens. – cclloyd – 2018-10-01T08:06:30.610

It looks to me like something is wrong with it. Try to explicitly open it with a utility to see if it gives an error message. – harrymc – 2018-10-01T08:09:02.060

To troubleshoot this kind of problem, open Developer Tools, go to Security tab, and you will see why Chrome deems the certificate invalid.

It is likely to be due to its lack of subjectAltName extension.

You can remedy this by following these steps: https://stackoverflow.com/a/56530824/2873507

Vic Seedoubleyew

Posted 2018-09-20T03:14:14.780

Reputation: 188