Apache
October 6, 2010
Google Chrome, Mac OS X and Self-Signed SSL Certificates
I’ve been using Google Chrome as my primary browser for the last few months. Sorry, Firefox, but with all the stuff I need to work installed, you’re so slow as to be unusable. Up to and including having to force-quit at the end of the day. Chrome starts and stops quickly But that’s not the purpose of this entry. The purpose is how to live with self-signed SSL certificates and Google Chrome.
Let’s say you have a server with a self-signed HTTP SSL certificate. Every time you hit a page, you get a nasty error message. You ignore it once and it’s fine for that browsing session. But when you restart, it’s back. Unlike Firefox, there’s no easy way to say “yes, I know what I’m doing, ignore this.” This is an oversight I wish Chromium would correct, but until they do, we have to hack our way around it.
Caveat: these instructions are written for Mac OS X. PC instructions will be slightly different at PCs don’t have a keychain, and Google Chrome (unlike Firefox) uses the system keychain.
So here’s how to get Google Chrome to play nicely with your self-signed SSL certificate:
On your web server, copy the crt file (in my case, server.crt) over to your Macintosh. I scp'd it to my Desktop for ease of work.
**
These directions has been updated. Thanks to Josh below for pointing out a slightly easier way.**
In the address bar, click the little lock with the X. This will bring up a small information screen. Click the button that says “Certificate Information.”
Click and drag the image to your desktop. It looks like a little certificate.
Double-click it. This will bring up the Keychain Access utility. Enter your password to unlock it.
Be sure you add the certificate to the System keychain, not the login keychain. Click “Always Trust,” even though this doesn’t seem to do anything.
After it has been added, double-click it. You may have to authenticate again.
Expand the “Trust” section.
“When using this certificate,” set to “Always Trust”
That’s it! Close Keychain Access and restart Chrome, and your self-signed certificate should be recognized now by the browser.
This is one thing I hope Google/Chromium fixes soon as it should not be this difficult. Self-signed SSL certificates are used **a lot **in the business world, and there should be an easier way for someone who knows what they are doing to be able to ignore this error than copying certificates around and manually adding them to the system keychain.
Read More