17

Our corporate machine administrators distribute corporate root CA certificates via Active Directory, but Chrome does not trust system certificates by default. Is there any way to tweak Chrome to trust those certificates, instead of manually add them to Chrome CA store? I know we can do this in Firefox, so I think it may also be possible for Chrome.

Edit

I know how to add them to Chrome CA store. I want to know whether there is a way to directly ask Chrome to trust system trust store. I tagged this question with Windows because I mainly works on Windows (with Active Directory), but it would be good to know whether Chrome can trust macOS Keychain Access, or /etc/ssl/certs on Linux.

Update

I have verified that currently Chrome will respect any certificate in Windows system trust store. This question is now meaningless. Thanks everyone.

Franklin Yu
  • 806

3 Answers3

13

Chrome uses the Certificate Store on Windows for validating certificates. If Chrome is complaining, then the certificate is not installed on Trusted Root Certificates on your local machine or the certificate's CN (Common Name) does not match the domain name you are accessing.

In order to install the certificate on trusted roots:

  • Click on the red alert icon on the top left of the address bar, form drop down menu select certificate.

  • Then navigate to the detail tab on the certificate window, from bottom right click on Copy to File, Export the certificate in DER encoding set the name of the certificate and Finish.

  • Then open certmgr.msc expend the Trusted Root Certificate Authorities tree.

  • Right click on Certificate from the drop down select all task then click import select your certificate chose Place all certificates in the following store and proceed to finish.

  • Relaunch Chrome.

If this doesn't solve your problem, there is an issue in the certificate or someone trying to get in the middle (Man in the Middle Attack)! contact your system administrator.

Reference: https://www.techrepublic.com/article/how-to-add-a-trusted-certificate-authority-certificate-to-chrome-and-firefox/

daxlerod
  • 3,215
AsimRazaKhan
  • 349
-2

If you Have the Cert. already in exported form I want to say pkcs 7 you should just be able to import the Cert into Chrome by going

Settings>Advanced>Manage Certificates>Trusted Root CA>Import

If that doesn't work you could also try Importing the Cert into Windows Cert manager by opening

MMC.exe>File>Add/remove snapin>Certificates>OK>Trusted Root CA>"Action" tab>all tasks>Import and follow the wizard

Just Curious
  • 1
-4

I suggest you that You can Import that Certificate in Your Web-Browser but to Universally available this certificate for Everyone it may take some time that's why Web-Browser Delivers Update to users.(These Update include CA Authorities's Signature Certificates).

In order to install your new SSL certificate, you need the following information:

Certificate Private key Intermediate certificate (Typically supplied in a separate file from the vendor) Once you have this information, you can install your new certificate by clicking on the Security tab of your site, then clicking on the Edit Certificate link.

On the next screen, there are three fields for Certificate, Private Key, and Intermediate Certificate. Replace the current information with your updated info, and then click Save.

DNS Update:-

Because you are updating an existing SSL certificate, you don’t need to wait for propagation as you would when installing a new SSL certificate.

dx.hmnt
  • 1