How do I disable the warning Chrome gives if a security certificate is not trusted?

google-chrome certificate https

846,358

Solution 1

You can tell Chrome to ignore all SSL errors by passing the following at the command line:

--ignore-certificate-errors

I start Chrome from bash using this:

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ignore-certificate-errors &> /dev/null &

and it works great. Note that this should only be used for testing development websites, and should not be used by a typical end user.

Why? Because Chrome won't say anything about bad certs on "real" sites too! So only use this if you are a developer!

If you just want this for local SSL certificates, then you may be able to get away with just using this option in Chrome, allow-insecure-localhost:

chrome://flags/#allow-insecure-localhost

On a related note, if you want to create fully trusted self signed SSL certs for Chrome/Safari, you can find out how to do that here

Solution 2

You can avoid the message for trusted sites by installing the certificate.

This can be done by clicking on the warning icon in the address bar, then click

"Certificate Information" -> Details Tab -> Copy to file

Save the certificate, then double click on the certificate file. On the certificate window that opens, click install certificate, then walk through the install.

The next time you go to the site it should work fine without errors.

Solution 3

For Chrome on OSX, here's a relatively easy way to add the self-signed certificate to the system's Keychain, which is used by Chrome: Google Chrome, Mac OS X and Self-Signed SSL Certificates. No more annoying red warning screen! (I do wish Chromium would simplify adding the exception though.)

Solution 4

Instructions for Linux (Chrome 12+):

Certificate Information -> Details -> Export

Save the certificate as a file of your choice.

Preferences -> Under the hood -> Manage certificates -> Authorities

Import the file and check all the boxes when it asks. You are done.

It is very important to import under the Authorities tab, and not other!

Solution 5

On OsX you should export your certificate from firefox and import on keychain under the login profile.

View more solutions

846,358

sippa

Updated on September 17, 2022

Comments

sippa over 1 year

I want to know if it's possible to disable the warning you get in Chrome when you try to go to some HTTPS site that doesn't have a trusted certificate.

I have a few sites in my bookmarks that use HTTPS but none of them have trusted certificates, so each time I visit them I manually have to click "Proceed anyway" in the warning and it's getting kind of annoying.

Is there any way to disable the warning or somehow add these sites to some kind of safe list?
- Admin over 10 years
  
  Just in case, check your device date/time settings
- Admin almost 5 years
  
  The security interstitial bypass keyword mentioned by @Jeremy has been rotated, use thisisunsafe instead.
- Admin over 3 years
  
  @sippa can you please change the accepted answer, because accepted answer doesn't work for alot of people and it has low amount of upvotes .
sippa almost 15 years

Hmm.. I've tried what you said on two sites but it doesn't seem to be working. Do you think I have to reboot after I installed the certificate?
sippa almost 15 years

I also tried go into Options in Chrome and then Manage Certificates and import them that way. It says imported successfully but it doesn't show up in the list.
Admin over 14 years

Thanks! It works now when I imported to Trusted Root Certification Authorities like you said. I do hope they make it easier/faster to add sites to a safelist though.
Admin about 14 years

Google's "Manager Certificates" screen is a wrapper around Window's Certificate Manager (certmgr.msc). Both expose the same underlying concept: if you want to trust an untrusted certificate, you trust it by added it to the trusted store.
Chris Serra almost 13 years

Thank you. If you receive Error 100013 when adding it through Keychain Access, refer to this page: bit.ly/jBujt1
EmmyS over 12 years

@ChrisSerra - I'm trying to follow your bitly link but get a 404; can you elaborate on what the instructions there were?
Chris Serra over 12 years

@EmmyS: I'm sorry -- I really do not remember. Was trying to find the page in Google Cache, but was not successful. I'll try to review the process again, and see if muscle memory helps me recall the solution.
EmmyS over 12 years

@ChrisSerra - no big deal; we did figure out how to do it.
Admin over 11 years

These is now found by clicking "THree lines icon in upper right->Settings->Search box in upper right type "certi"->Manage Certificates...
Jonno Bourne over 11 years

Thanks for the link. It worked. It seems that the certificate's CN must still match the url's domain even after these steps. Also Step 5 on that site is not needed. It can be added to your login keychain and doesn't need to be in the system keychain.
Admin almost 11 years

Chrome asks me for a certificate's password: "Please enter the password that was used to encrypt this certificate file"
kachar almost 11 years

The file contained one certificate, which was not imported: xxx.xxxxx.com: Not a Certification Authority.
lzap almost 11 years

Well it looks like you dont have authority cert. Try different tab. The question is for authorities...
kachar almost 11 years

Yep, it worked on tab 'Other certificates'
Admin almost 10 years

@kachar try selecting authorities or servers tab as in here: code.google.com/p/chromium/issues/detail?id=90563#c6
Admin over 9 years

First you'll need to export the SSL certificate (the untrusted one) from the site you want to add an exception for. You can do that by clicking the red padlock icon to the left of the URL. From here you get a drop down with a 'certificate information' link. Click that link, go to the 'details' tab and 'copy to file'. I used the default options, exported to my desktop and then followed as cornelius10 suggested. In settings -> advanced settings, there'll be an SSL section. Go there and import the certificate you just exported. Worked a treat for me.
Admin about 9 years

I have tried this and other permutations suggested here and nothing works. I import the certificate but the message "Your connection is not private" is still shown. Is this still a valid solution?
Admin almost 9 years

Six years later and Chrome has totally messed up self-signed certificates. I did just as you described, but it only changed the error message to NET::ERR_CERT_COMMON_NAME_INVALID
Amalgovinus almost 9 years

This still gets me "NET::ERR_CERT_COMMON_NAME_INVALID"..
Dejv over 8 years

In order for this to work, the certificate author must match the domain. Otherwise the Chrome does not consider imported certificate as safe.
Chaoix about 8 years

Works on Windows too!
Admin about 8 years

@Amalgovinus: Can you please make a group who understand Chrome totally messed up self-signed certificates? And make a debate to let Chrome understand how much they screwed up about this ?
Admin about 8 years

They finally fixed the "stickiness" of this error a few months ago. It was pretty dumb that they changed the bypass phrase on that warning screen from "danger" to "badidea" though... essentially hiding the browser's functionality in easter eggs.. also pretty dumb
Danail Gabenski almost 8 years

This should be the accepted answer - this is such a MUST KNOW answer, it's not even funny. Thanks Brad !
Srinivas Gollapudi almost 8 years

This was the solution I was looking for. Works on Windows. Must work on other platforms too. Just run the executable with the mentioned flag.
Trevor Sullivan over 7 years

+1 This should be the accepted answer.
ScottN over 7 years

Did this switch stop working for any of you? Chrome was giving me "unsupported command line switch" message for a while, now it seems that they pulled the plug and this doesn't work anymore or maybe Chrome warns you X amount of times then completely blocks it?
Brad Parks over 7 years

@ScottN - I just tried it and it still works for me. I did test it using Canary though, but my Canary is fully up to date. I tested it using badssl.com, which is managed by the chromium team for testing bad SSL certs, and is available on Github
ScottN over 7 years

@BradParks looks like I had some extra chrome.exe running that I had to force quit and then it worked for me again. I still get the "You are using an unsupported command-line flag: --ignore-certificate-errors. Stability and security will suffer." I really don't like to see things suffer, especially security. Is this going away at some point?
Brad Parks over 7 years

Cool! I think that warning will probably stay there forever, to ensure that people are aware that chrome is ignoring SSL certs. Otherwise someone could run a fake site with an invalid SSL cert, and change your Chrome launch config to ignore ssl certs, and Chrome would access it this way with no warnings whatsoever!
ScottN over 7 years

@BradParks excellent point!
talsibony about 7 years

I am not sure this is working on mac OS, I still get the working screen even if I run chrome using this command, I think it is related to the current session and you will get the that warning screen every chrome session, in other words you will have to allow it manually everytime you going to run chrome.
Brad Parks about 7 years

@talsibony - for this to work, you have to completely shut down chrome, then start it again using the command line arguments listed above... I think if you do that you'll get it working as you'd expect. I just tried it on my mac and it worked for me!
TouDick about 7 years

not workoing anymore since Chrome for Windows >58 ;(
Brad Parks about 7 years

@TouDick - I just tried this in Chrome for Windows (v 57, up to date as of now), and it worked fine still. I tried it by going to expired.badssl.com and it didn't fail, but did fail when I started it without this command line option. My shortcut in Windows has this for "target", "C:\Program Files\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors. I see you were using v58, though I don't see how to get that version, as I just updated Chrome, and it says "it's up to date".
user1050755 about 7 years

There is no certificate information any more in recent browsers.
chills42 about 7 years

Yeah, it's still available within the security tab in the development console though.
Eng.Fouad almost 7 years

Not working on Chrome v60 - Mac.
Brad Parks almost 7 years

@Eng.Fouad - I just tried it on a Mac, Chrome Version 60.0.3112.101 (Official Build) (64-bit) and it worked for me. I tested it using this site which has an invalid SSL cert and it skipped the warning, though it displayed the warning before I started chrome using that command line option. Make sure you have completely closed Chrome before trying to start it using that command line option, or it wont work.
Eng.Fouad almost 7 years

@BradParks You are right. I tried it one more time and it worked. Maybe I didn't close Chrome properly.
Brad Parks almost 7 years

Yeah it's easy to miss that... good to hear!
Admin almost 6 years

@BradParks below should be the accepted answer. While this may have been what the user was looking for, it doesn't answer the question as asked, which is important for questions searched on this web site. This answers how do I trust a certificate
Dirk over 5 years

@BradParks your tip to "allow invalid certificates for resources loaded from localhost" did the trick for! ( chrome://flags/#allow-insecure-localhost )
Ricardo about 5 years

I had to copy the certificate from Safari (12.0.3), since from Chrome (72.0.3626.121) didn't work.
Maksym about 4 years

For some problems, you might need an extra step. In the keychain, doublick the certificate. In certificate window, there is 'Trust' accordion near the top. Open it. Change the 'When using this certificate' to 'Always Trust' and save the change.
Denilson Sá Maia almost 4 years

If you have trouble finding the "Authorities" tab, just look for a header with that name under chrome://settings/certificates. (Sidenote: due to Material design, the tab doesn't look like a tab; instead it looks flat.)
AlexD over 3 years

This won't do for me on a day-to-day testing life as the server keeps being rebuilt every 6-hours and sometimes the infrastructure also is rebuilt so that's like nowadays with OpenStack, Docker, K8s, ... CI/CD....
hayden.sikh over 3 years

Not trusting revoked certificates is a necessary part of public key cryptography. There needs to be a mechanism so that, for example, certs tied to compromised private keys are no longer trusted.
Douglas Gaskell about 3 years

How do we do this on a phone now for mobile web app development?
Brad Parks about 3 years

I haven't seen a similar way to do exactly this on ios, but you could proxy your ios network settings using something like Burp, which is a dev tool for doing security penetration testing, or use mitm proxy as detailed in this blog post