Since I regularly work on servers with self-signed certificates, it’s been quite the hassle to whitelist them properly under OS X. Why Chrome doesn’t use a system comparable to Firefox is beyond me, but this script makes it fairly manageable.
Do note that the certificate still needs to be valid in terms of hostname and expiration date, but at least it’s a far less tedious process to add them.
Update: The new version also has SNI (Server Name Indication) support which helps with wildcard domains and such.
The actual script (fork here for improvements):
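[bash]#!/usr/bin/env bash
# Exit on the first failing command (set here because extra shebang arguments are not portable).
set -e
# Strip the scheme and any path so only the hostname remains.
HOST=$(echo "$1" | sed -E -e 's/https?:\/\///' -e 's/\/.*//')
if [[ "$HOST" =~ .*\..* ]]; then
  echo "Adding certificate for $HOST"
  # Private temp file instead of a predictable name in /tmp.
  CERT=$(mktemp "${TMPDIR:-/tmp}/$HOST.XXXXXX")
  # Fetch the certificate (with SNI) and keep only the PEM block.
  echo -n | openssl s_client -connect "$HOST:443" -servername "$HOST" \
    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
    | tee "$CERT"
  # Mark it as a trusted root in the System keychain (needs admin rights).
  sudo security add-trusted-cert -d -r trustRoot \
    -k "/Library/Keychains/System.keychain" "$CERT"
  rm -v "$CERT"
else
  echo "Usage: $0 www.site.name"
  echo "http:// and such will be stripped automatically"
fi
[/bash]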
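The script above trusts whatever certificate the server presents at the moment it is fetched. As an added example (not part of the original post or its script), this variant compares the certificate's SHA-256 fingerprint against a value obtained out of band, for instance read on the server itself, before adding it; the function names and the two-argument usage are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not the post's script): trust a certificate only when its
# SHA-256 fingerprint matches one obtained out of band. Function names and
# the "host fingerprint" usage are assumptions of this example.

# Reduce a URL to a bare hostname; reject option-like or malformed input.
clean_host() {
  local h
  h=$(printf '%s' "$1" | sed -E -e 's#^https?://##' -e 's#[/:].*$##')
  case "$h" in
    ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]) return 1 ;;  # bad characters or edges
    *.*) printf '%s\n' "$h" ;;                    # require a dot, as the post does
    *) return 1 ;;
  esac
}

# Normalise "sha256 Fingerprint=AB:CD:..." or bare hex to upper-case hex.
norm_fp() {
  printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only for a full 64-digit SHA-256 value equal to the expected one.
fp_matches() {
  local got want
  got=$(norm_fp "$1"); want=$(norm_fp "$2")
  [ "${#got}" -eq 64 ] || return 1
  case "$got" in *[!0-9A-F]*) return 1 ;; esac
  [ "$got" = "$want" ]
}

# Fetch the leaf certificate with SNI, compare, and only then add it.
trust_if_pinned() {
  local host cert fp rc=1
  host=$(clean_host "$1") || { echo "bad hostname: $1" >&2; return 2; }
  cert=$(mktemp "${TMPDIR:-/tmp}/cert.XXXXXX") || return 1
  openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
    | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > "$cert"
  fp=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 2>/dev/null)
  if fp_matches "$fp" "$2"; then
    sudo security add-trusted-cert -d -r trustRoot \
      -k "/Library/Keychains/System.keychain" "$cert"; rc=$?
  else
    echo "fingerprint mismatch for $host: got $(norm_fp "$fp")" >&2
  fi
  rm -f "$cert"; return "$rc"
}

if [ $# -eq 2 ]; then trust_if_pinned "$1" "$2"; fi
```

The expected fingerprint can be produced on the server with `openssl x509 -in <certificate file> -noout -fingerprint -sha256` and passed as the second argument.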
I’m only educated enough to know how to copy/paste and run that script. How exactly do I set it up so the right certificate gets added to my keychain?
Oh, I think I figured it out.
Emm. I see. But is it allowed? I mean we need a verificator for the official cert.