Since I regularly work on servers with self-signed certificates it’s been quite the hassle to whitelist them properly under OS X. Why Chrome doesn’t use a system comparable to Firefox is beyond me, but this script makes it fairly manageable.
Do note that the certificate still needs to be valid in terms of hostname and expiration date, but at least it’s a far less tedious process to add them.
Update: The new version also has SNI (Server Name Indication) support which helps with wildcard domains and such.
The actual script (fork here for improvements):
[bash]#!/usr/bin/env bash
set -e
# Strip the scheme and any path, leaving only the hostname
HOST=$(echo "$1" | sed -E -e 's/https?:\/\///' -e 's/\/.*//')
if [[ "$HOST" =~ .*\..* ]]; then
    echo "Adding certificate for $HOST"
    # Fetch the certificate the server presents (with SNI) and keep only the PEM block
    echo -n | openssl s_client -connect "$HOST:443" -servername "$HOST" \
        | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
        | tee "/tmp/$HOST.cert"
    # Add the certificate to the system keychain as a trusted root
    sudo security add-trusted-cert -d -r trustRoot \
        -k "/Library/Keychains/System.keychain" "/tmp/$HOST.cert"
    rm -v "/tmp/$HOST.cert"
else
    echo "Usage: $0 www.site.name"
    echo "http:// and such will be stripped automatically"
fi
[/bash]
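The script above trusts whatever certificate the server presents at the moment it is fetched. The following is an added example, not part of the original script: it only adds the certificate if its SHA-256 fingerprint matches one obtained out-of-band (for example, read off the server itself). The function names `cert_fingerprint`, `pin_matches` and `trust_pinned_cert` are illustrative.

```bash
#!/usr/bin/env bash
# Added example (function names are illustrative, not from the original script):
# trust a fetched certificate only if it matches a known SHA-256 fingerprint.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 \
    | sed -e 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed only if the certificate in $1 matches the expected fingerprint $2.
# Colons, spaces and letter case in the expected value are ignored.
pin_matches() {
  local actual expected
  actual=$(cert_fingerprint "$1") || return 1
  expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
  # An unparsable certificate yields an empty fingerprint and never matches.
  [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Fetch the leaf certificate (with SNI), check the pin, then trust it (macOS).
trust_pinned_cert() {
  local host expected cert
  host=$1
  expected=$2
  cert=$(mktemp) || return 1
  openssl s_client -connect "$host:443" -servername "$host" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM >"$cert"
  if pin_matches "$cert" "$expected"; then
    sudo security add-trusted-cert -d -r trustRoot \
      -k "/Library/Keychains/System.keychain" "$cert"
  else
    echo "Fingerprint mismatch for $host: got $(cert_fingerprint "$cert")" >&2
    rm -f "$cert"
    return 1
  fi
  rm -f "$cert"
}

# Usage: script.sh www.site.name <sha256-fingerprint>
if [ "$#" -eq 2 ]; then
  trust_pinned_cert "$1" "$2"
fi
```

The expected fingerprint can be produced on the server with `openssl x509 -in <certificate file> -noout -fingerprint -sha256`.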