How to Make Chrome Accept Self-Signed Certificates on Linux

If your website uses a self-signed certificate, Chrome shows a warning on every visit and you have to click through to continue. In this post, I will show how to make Chrome accept self-signed certificates for sites on Linux.

This post is kept short on purpose; you will need to search the Web if you want to understand the details.

You will need the libnss3-tools package on Debian/Ubuntu/Linux Mint or nss-tools on CentOS/Fedora/RHEL. Then use this script (add-cert.bash):

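#!/bin/bash
# Fetch the certificate a host presents and mark it as trusted in Chrome's NSS database.

if [ $# -lt 1 ]; then
    echo "Usage: $0 hostname"
    exit 1
fi

hostname=$1

# Save the PEM certificate block(s) the server sends during the TLS handshake.
echo QUIT \
| openssl s_client -servername "$hostname" -connect "$hostname:443" -showcerts 2>/dev/null \
| sed -ne '/BEGIN CERT/,/END CERT/p' \
>"/tmp/cert-$hostname"

# -A adds the certificate; the trust flags "P,," mark it as a trusted peer for SSL.
certutil -d "sql:$HOME/.pki/nssdb" -A -t "P,," -n "$hostname" -i "/tmp/cert-$hostname"

# List the database contents to confirm the new entry.
certutil -d "sql:$HOME/.pki/nssdb" -L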

Run it like this:

bash add-cert.bash your.web.site

After the certificate is added, restart Chrome and you should no longer see any warnings.
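The script above trusts whatever certificate the server presents at the moment it runs. As an added example (not part of the original post), this variant imports the certificate only when its SHA-256 fingerprint matches one you read from the certificate file on the server itself; the function names and the second argument are assumptions.

```bash
#!/bin/bash
# Added example, not the post's script: import only a fingerprint-verified cert.
# Function names and the expected-fingerprint argument are assumptions.

# Keep only the first PEM block (the server's own certificate) from s_client output.
first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1}
         on {print}
         /-----END CERTIFICATE-----/ {if (on) exit}'
}

# Canonical form for comparison: hex digits only, lower case.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of a PEM file, as printed by openssl after the "=".
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Succeeds only for a non-empty expected value that equals the actual one.
fp_matches() {
    want=$(normalize_fp "$1"); got=$(normalize_fp "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# usage: add_if_verified hostname expected_sha256_fingerprint
add_if_verified() {
    host=$1; expected=$2
    tmp=$(mktemp) || return 1      # unpredictable name instead of /tmp/cert-$hostname
    echo QUIT \
    | openssl s_client -servername "$host" -connect "$host:443" -showcerts 2>/dev/null \
    | first_pem >"$tmp"
    actual=$(pem_fingerprint "$tmp" 2>/dev/null)
    if fp_matches "$expected" "$actual"; then
        certutil -d "sql:$HOME/.pki/nssdb" -A -t "P,," -n "$host" -i "$tmp"; rc=$?
    else
        echo "fingerprint mismatch for $host (got: ${actual:-none}), not imported" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

if [ $# -eq 2 ]; then add_if_verified "$1" "$2"; fi
```

On the server, `openssl x509 -in <certificate file> -noout -fingerprint -sha256` prints the value to pass as the second argument.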

Eric Ma

Eric is a systems guy. Eric is interested in building high-performance and scalable distributed systems and related technologies. The views or opinions expressed here are solely Eric's own and do not necessarily represent those of any third parties.

4 comments:

  1. It seems that GitHub gives a free education pack to students, which includes a free SSL certificate for one year.
    I just applied for it yesterday, and use it on https://chetui.org & https://www.chetui.org (which is used as a reverse proxy of Google).

    If your GitHub account is already certified as a student account of HKUST, then you can also apply for it. Finally, your https website would not show a warning to visitors for at least one year.

    1. Sounds good. But I guess you need to pay after the first year. The https services for my sites are mainly for my own usage for secure transfer over the Web. Readers still visit by http. If https is enabled and later disabled, it will look strange while I am not ready to pay for the certificate manually yet.
