Easily whitelisting/adding self-signed SSL certificates to Chrome on OS X

Since I regularly work on servers with self-signed certificates it’s been quite the hassle to whitelist them properly under OS X. Why Chrome doesn’t use a system comparable to Firefox is beyond me, but this script makes it fairly manageable.

Do note that the certificate still needs to be valid in terms of hostname and expiration date, but at least it’s a far less tedious process to add them.

Update: The new version also has SNI (Server Name Indication) support which helps with wildcard domains and such.

The actual script (fork here for improvements):

#!/usr/bin/env bash -e

HOST=$(echo "$1" | sed -E -e 's/https?:\/\///' -e 's/\/.*//')

if [[ "$HOST" =~ .*\..* ]]; then
    echo "Adding certificate for $HOST"
    echo -n | openssl s_client -connect $HOST:443 -servername $HOST \
        | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
        | tee "/tmp/$HOST.cert"
    sudo security add-trusted-cert -d -r trustRoot \
        -k "/Library/Keychains/System.keychain" "/tmp/$HOST.cert"
    rm -v "/tmp/$HOST.cert"
else
    echo "Usage: $0 www.site.name"
    echo "http:// and such will be stripped automatically"
fi
Bookmark and Share

Tags:

About Rick van Hattem

Rick van Hattem is a Dutch Internet entrepreneur and co-founder of Fashiolista.com

2 Responses to “Easily whitelisting/adding self-signed SSL certificates to Chrome on OS X”

  1. Michael | 2016-03-03 at 20:03:34 #

    I’m only educated enough to know how to copy/paste and run that script, how exactly do I set it up so the right certificate gets added to my keychain?

  2. Michael | 2016-03-03 at 20:04:19 #

    Oh, I think I figured it out.

Leave a Reply