0

I am trying to access an HTTPS site with Chrome and it is throwing my a self-signed certificate error: net::ERR_CERT_AUTHORITY_INVALID. I have tried clicking the red lock/warning sign button in the URL box of the browser, clicked Details, clicked View Certificate, and clicked on the dropdown of Details. It just shows the information about the Certificate and an Ok button, and there is no way to export it, as I was hoping to export and then import it via my Chrome browser.

I trust the website and I visit it frequently, so is it bothersome to constantly, bypass it manually through the warning sign.

So is there a way to permanently ignore the self-signed certificate error using Chrome?

Ly Maneug
  • 1
  • 1
  • 1
  • Add the certificate to your certificate store. How you do that depends on the OS your using l. – Ramhound Oct 12 '16 at 11:58
  • @Ramhound I am using Windows – Ly Maneug Oct 12 '16 at 16:36
  • You should update your question to reflect that fact, and then clarify, what you have or have not done with regards to that. "So is there a way to permanently ignore the self-signed certificate error using Chrome?" It is possible to have the warning go away permanently for a given chrome session, but how you do that, depends on which version of Chrome your using. In Chrome 50, if you type `badidea`, it allow continued access to the website with a bad ssl certificate. What it is in the current version would have to be researched by you. – Ramhound Oct 12 '16 at 16:41
  • @Ramhound Currently I am using Chrome 53. Do different Chrome versions require different methods? Or is there one method that works on all versions? Would prefer the latter although it takes longer. – Ly Maneug Oct 12 '16 at 16:50
  • The phrase you have to type as changed multiple times. How you add the certificate to the certificate store is the same accross all versions of Chrome on Windows though. – Ramhound Oct 12 '16 at 16:54
  • @Ramhound So I did the research but none of them or work not available as they are older guides, as I've described in the original post. Do you mind providing me with a guide? – Ly Maneug Oct 12 '16 at 19:05
  • A guide to what exactly? How you add a certificate to the certificate store in Windows has not changed. What you type, to bypass the warning page, depends on the version of Chrome. Have you tried simply typing "bad idea" while chrome browser window is active? – Ramhound Oct 12 '16 at 20:16
  • @Ramhound Guide to how to add the certificate to the certificate store. – Ly Maneug Oct 13 '16 at 04:27
  • @LyManeug Self-signed certificates should never be used, as they have no [Chain of Trust](https://www.ssl.com/faqs/what-is-a-chain-of-trust/) and are therefore insecure and pointless; the recommended way is to create a self-signed CA, using that CA to sign the certificate via an `openssl.cnf` - please see [this](https://superuser.com/a/1618151/529800) answer for how to do so. Once the CA has signed the cert, add the CA to the Trusted Root Certification Authorities via `certmgr.msc`, and if using an ICA, also add the ICA to the Intermediate Certification Authorities. – JW0914 Mar 29 '22 at 12:13
  • 2
    Does this answer your question? [How can I get Chrome accepting self signed certificates?](https://superuser.com/questions/1296596/how-can-i-get-chrome-accepting-self-signed-certificates) – sleske Jul 28 '22 at 11:01

1 Answers1

0

This seemed to work:

  1. Download rootsupd.exe

  2. Extract the files using the command rootsupd.exe /c /t:C:\temp\extroot

  3. From C:\temp\extroot, run the following four commands (from an elevated command prompt):

    updroots.exe authroots.sst
updroots.exe updroots.sst
updroots.exe -l roots.sst
updroots.exe -d delroots.sst
G-Man Says 'Reinstate Monica'
  • 7,678
  • 22
  • 41
  • 87
Mouhsine
  • 1
  • Self-signed certificates should never be used, as they have no [Chain of Trust](https://www.ssl.com/faqs/what-is-a-chain-of-trust/) and are therefore insecure and pointless; the recommended way is to create a self-signed CA, using that CA to sign the certificate via an `openssl.cnf` - please see [this](https://superuser.com/a/1618151/529800) answer for how to do so. Once the CA has signed the cert, add the CA to the Trusted Root Certification Authorities via `certmgr.msc`, and if using an ICA, also add the ICA to the Intermediate Certification Authorities. – JW0914 Mar 29 '22 at 12:14