I want to know if it's possible to disable the warning you get in Chrome when you try to go to some HTTPS site that doesn't have a trusted certificate.
I have a few sites in my bookmarks that use HTTPS but none of them have trusted certificates, so each time I visit them I manually have to click "Proceed anyway" in the warning and it's getting kind of annoying.
Is there any way to disable the warning or somehow add these sites to some kind of safe list?
You can tell Chrome to ignore all SSL errors by passing the following at the command line:
--ignore-certificate-errors
I start Chrome from bash using this:
/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --ignore-certificate-errors &> /dev/null &
and it works great. Note that this should only be used for testing development websites, and should not be used by a typical end user.
Why? Because Chrome won't say anything about bad certs on "real" sites too! So only use this if you are a developer!
If you just want this for local SSL certificates, then you may be able to get away with just using this option in Chrome, allow-insecure-localhost:
chrome://flags/#allow-insecure-localhost
On a related note, if you want to create fully trusted self signed SSL certs for Chrome/Safari, you can find out how to do that here
When you use Chrome's Options > Manage Certificates > Import where are you placing the certificate? On the "Certificate Store" screen of the import, choose "Place all certificates in the following store" and browse for "Trusted Root Certification Authorities." Restart Chrome.
You can avoid the message for trusted sites by installing the certificate.
This can be done by clicking on the warning icon in the address bar, then click
"Certificate Information" -> Details Tab -> Copy to file
Save the certificate, then double click on the certificate file. On the certificate window that opens, click install certificate, then walk through the install.
The next time you go to the site it should work fine without errors.
For Chrome on OSX, here's a relatively easy way to add the self-signed certificate to the system's Keychain, which is used by Chrome: Google Chrome, Mac OS X and Self-Signed SSL Certificates. No more annoying red warning screen! (I do wish Chromium would simplify adding the exception though.)
Instructions for Linux (Chrome 12+):
Certificate Information -> Details -> Export
Save the certificate as a file of your choice.
Preferences -> Under the hood -> Manage certificates -> Authorities
Import the file and check all the boxes when it asks. You are done.
It is very important to import under the Authorities tab, and not other!
On OsX you should export your certificate from firefox and import on keychain under the login profile.
If the Google paternalism becomes insufferable as in:
we don't want users to visit a site with a revoked certificate. If you think this bug report is about #2, I'll mark it WontFix. Would you like me to do that?
you can nullify the browser's TLS system completely by using a TLS proxy that signs all TLS connection opening with its own TLS root CA. Obviously, that has annoying consequences like the inability to view the real certificate of a website with the Chrome interface. Also, client TLS certificates are by design not compatible with that TLS proxying.
Many Google Chrome extensions allow you to select proxies based on domain, so you could only proxy those domains that are known to cause TLS issues in Chrome.
In order for me to get this to work, I had to copy to file using the "Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B)" option and check the "Include all certificates in the certification path if possible" box.
Then I imported using Cornelius' instructions and it worked.
If the site to which you go, your own server, make sure that you have installed the Self-Signed certificate or a certificate from a Trusted Authorities on your server. Some server software sets the default test certificate, which can not be added to the Trusted root Authorities certificate store.
