Getting Chrome to accept self

 

I have created a self-signed SSL certificate for the localhost CN. Firefox accepts this certificate after initially complaining about it, as expected. Chrome and IE, however, refuse to accept it, even after adding the certificate to the system certificate store under Trusted Roots. Even though the certificate is listed as correctly installed when I click "View certificate information" in Chrome's HTTPS popup, it still insists the certificate cannot be trusted.

What am I supposed to do to get Chrome to accept the certificate and stop complaining about it?

This worked for me:

  • Using Chrome, hit a page on your server via HTTPS and continue past the red warning page (assuming you haven't done this already).
  • Open up Chrome Settings > Show advanced settings > HTTPS/SSL > Manage Certificates .
  • Click the Authorities tab and scroll down to find your certificate under the Organization Name that you gave to the certificate.
  • Select it, click Edit ( NOTE : in recent versions of Chrome, the button is now "Advanced" instead of "Edit"), check all the boxes and click OK. You may have to restart Chrome.

    • You should get the nice green lock on your pages now.

    EDIT: I tried this again on a new machine and the certificate did not appear on the Manage Certificates window just by continuing from the red untrusted certificate page. I had to do the following:

  • On the page with the untrusted certificate ( https:// is crossed out in red), click the lock > Certificate Information. NOTE: on newer versions of chrome, you have to open Developer Tools > Security , and select View certificate .
  • Click the Details tab > Export . Choose PKCS #7, single certificate as the file format.
  • Then follow my original instructions to get to the Manage Certificates page. Click the Authorities tab > Import and choose the file to which you exported the certificate, and make sure to choose PKCS #7, single certificate as the file type.
  • If prompted certification store, choose Trusted Root Certificate Authorities
  • Check all boxes and click OK. Restart Chrome.

    • NOT FOR PROD

    Simply paste this in your chrome: 

    chrome://flags/#allow-insecure-localhost

    You should see highlighted text saying: Allow invalid certificates for resources loaded from localhost

    Click Enable .

    On the Mac, you can use the Keychain Access utility to add the self-signed certificate to the System keychain, and Chrome will then accept it. I found the step-by-step instructions here:

    Google Chrome, Mac OS X and Self-Signed SSL Certificates

    Basically:

  • double-click the lock icon with an X and drag-and-drop the certificate icon to the desktop,
  • open this file (ending with a .cer extension); this opens the keychain application which allows you to approve the certificate.
    • 链接地址: http://www.djcxy.com/p/59660.html

    上一篇: 使用openssl从服务器获取证书

    下一篇: 让Chrome接受自我