Add permanent SSL certificate exception in Chrome (Linux)

linux google-chrome ssl certificate exceptions
184,975

Solution 1

This is a summary of the answers from the thread
Disable Google Chrome warning if security certificate is not trusted.

You can avoid the message for trusted sites by installing the certificate.
This can be done by clicking on the warning icon in the address bar, then click
Certificate Information -> Details Tab -> Export...
Save the certificate.

Use Chrome's Preferences -> Under The Hood -> Manage Certificates -> Import.
On the "Certificate Store" screen of the import, choose "Place all certificates in the following store" and browse for "Trusted Root Certification Authorities." Restart Chrome.

Solution 2

Using Chrome Version 23.0.1271.97 on Linux:

  1. First click on the certificate warning and export the certificate to your file system. (Connection > Certificate Information > Details > Export)

  2. Then use certutil in order to add this saved certificate as a trusted peer:

    certutil -d sql:$HOME/.pki/nssdb -A -t P -n <certificate nickname> -i <certificate filename>

  3. Restart Chrome and you're done.

Solution 3

The only way I got it working in Chromium with Ubuntu Linux is using this certutil commandline:

certutil -d sql:$HOME/.pki/nssdb -A -t "CP,CP," -n CertNickName -i cert_file.crt

Solution 4

Please have a look at this thread:
Can't convince Chrome that my Tivo's self signed certificate is ok.

The article remarks that:

You need to specify the "C,," trust flags to work around the NSS bug.

If this thread does relate to your problem, it looks like this is a known bug in Chrome, where the "P,," trust flags is not working: libpkix ignores the P (trusted peer) trust flag

I hope this helps (I'm answering a bit blindly, since I'm not on Linux).

Solution 5

Google Chrome in Linux doesn’t have a SSL certificate manager, it relies on the NSS Shared DB. In order to add SSL certificates to the database you will have to use the command line. I will explain how you can add the CAcert certificates and a very easy way to add self-signed certificates.

Please have a look at this thread: blog.avirtualhome.com/2010/02/02/adding-ssl-certificates-to-google-chrome-linux-ubuntu/

Share:
184,975
ya-ivanov
Author by

ya-ivanov

Updated on September 17, 2022

Comments

  • ya-ivanov
    ya-ivanov over 1 year

    I have a problem with a website that has an SSL certificate which doesn't correspond to the website domain. Chrome gives me a warning for this website (and rightly so), which I have to ignore manually. Every time I restart Chrome, I need to ignore the certificate issue again.

    I've tried adding the certificate as a trusted one with certutil, using C,, and P,, trustargs, but it doesn't work. I can't find a set of trustargs that will tell it to ignore which domain is using the certificate.

    Is there a way to tell Chrome (or certutil) to trust this certificate whatever domain uses it?

  • ya-ivanov
    ya-ivanov about 14 years
    Thank you, but this only works on Windows. On Linux, Chrome uses the certutil command line tool to manage certificates, nothing else.
  • ya-ivanov
    ya-ivanov about 14 years
    Thanks, it seems to be related to my problem, and hence a bug in Chrome. I'll consider your suggestion as an answer to my question, even though it doesn't really fix my problem :-)
  • ya-ivanov
    ya-ivanov about 14 years
    It seems I can't select your answer as the right one anymore because the bounty expired :'(
  • harrymc
    harrymc about 14 years
    @Raphink: Does this work after all in Linux?
  • ya-ivanov
    ya-ivanov about 14 years
    No, it doesn't work on Linux, and the bounty cannot be relaunched.
  • user5504603
    user5504603 over 11 years
    FYI, this (now?) does work on Chromium 18, Ubuntu 12.04 - same instructions found here: superuser.com/a/41937/55046
  • gatoatigrado
    gatoatigrado over 10 years
    This worked for me, thanks! I had to run this first (opensuse linux): sudo zypper install mozilla-nss-tools
  • Josef Sábl
    Josef Sábl over 9 years
    Good answer, thank you. I just wish it was easier, 1 click ideally :-)
  • Sean the Bean
    Sean the Bean over 9 years
    2 quick things to add to this: 1. It seems to work best if you go to the "Authorities" tab in the certificate manager, before clicking "Import..." (thus adding you, or whoever signed the certificate, as a trusted signer-of-certificates) 2. I'm not sure if I needed to, but I checked all the checkboxes under "Edit trust settings".
  • Rudi Strydom
    Rudi Strydom over 9 years
    Worked like a charm, never considered it thank you!
  • AlbertEngelB
    AlbertEngelB over 8 years
    You should move the stuff from the blog post into here. Currently as it stands this is pretty much a link-only answer.
  • Tomasz Gandor
    Tomasz Gandor over 8 years
    This is a great answer, if you want to understand better how it works, use certutil -H -A, and maybe read about trust flags in NSS Database: blogs.oracle.com/meena/entry/notes_about_trust_flags
  • The_Cute_Hedgehog
    The_Cute_Hedgehog over 7 years
    That worked for me on Centos 7
  • Elijah Lynn
    Elijah Lynn about 7 years
    -1 Need to explain here. Links die. This will live.
  • user1050755
    user1050755 about 7 years
    There is no certificate information any more in recent chrome versions.
  • harrymc
    harrymc about 7 years
    @user1050755: What do you mean? AFAIK certificates are reachable via Settings > Show advanced settings > HTTPS/SSL > Manage certificates.
  • cottontail
    cottontail almost 7 years
    @user1050755 Dev Tools (F12) > Security tab > View Certificate
  • nd34567s32e
    nd34567s32e over 6 years
    Worked Debian 9 also (requires libnss3-tools package installed first).
  • Mike Diehn
    Mike Diehn almost 6 years
    aaaaand the link is dead.
  • Nate Bosscher
    Nate Bosscher over 2 years

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why do I have untrusted certificates for Google, Yahoo, Mozilla and others?
"Private key is missing or invalid when importing a certificate" in Google Chrome
Chrome Certificate Selection appears multiple times
Chrome - certificate settings in Registry
How to debug ERR_PROXY_CERTIFICATE_INVALID?
Chrome is not accepting my IIS self-signed certificate
Disable Chrome from checking SSL certificates completely
Receiving SSL certificate errors only from some clients
Curl NSS error -12190 - Error in TLS handshake
The SSL CA cert (path? access rights) on Ubuntu 16?