Trust self-signed certificates on a Mac
We rely on self-signed certificates in our development environment to test our applications via SSL. As a result, the browser will show you a warning saying the connection is not private each time. This becomes frustrating real quick!
By adding your self-signed certificate to your Keychain you can instruct the browser to trust it. This works for Chrome and Safari. In Firefox you need to create an exception manually.
First, get a copy of the certificate by extracting it using OpenSSL. If your development domain is foobar.dev, then the command looks like this:
echo -n | openssl s_client -connect foobar.dev:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/foobar.dev.crt
The above command will initiate the connection with the site using the openssl command, then extract the certificate from the response and store it in /tmp/foobar.dev.crt.
Note that the initial echo -n command is required to separate your shell from s_client: without it, s_client will wait for input until the server times out.
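The s_client connection above is not authenticated, so the file holds whatever certificate answered on port 443, and it is empty if the connection failed. The following check is an added example, not part of the original post: it confirms that the file parses, that the certificate is self-issued, and that its SHA-256 fingerprint matches the one read on the development server itself. The function names and the expected-fingerprint argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example: vet a fetched certificate before giving it trustRoot status.
# cert_fingerprint and check_dev_cert are hypothetical helper names.

# Print the SHA-256 fingerprint (upper-case hex, colon separated);
# prints nothing if the file does not contain a parsable certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        cut -d= -f2 | tr 'a-f' 'A-F'
}

# check_dev_cert CERT_FILE EXPECTED_SHA256
# Returns 0 = matches, 2 = no certificate in file,
#         3 = subject and issuer differ, 4 = fingerprint mismatch.
check_dev_cert() {
    cdc_fp=$(cert_fingerprint "$1")
    cdc_want=$(printf '%s' "$2" | tr 'a-f' 'A-F')
    # A failed s_client run leaves an empty file behind the sed filter.
    if [ -z "$cdc_fp" ]; then
        echo "no readable PEM certificate in $1" >&2; return 2
    fi
    # Name comparison only: a self-signed certificate names itself as issuer.
    cdc_subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    cdc_issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$cdc_subject" != "$cdc_issuer" ]; then
        echo "issuer differs from subject: not self-signed" >&2; return 3
    fi
    if [ "$cdc_fp" != "$cdc_want" ]; then
        echo "fingerprint $cdc_fp does not match expected value" >&2; return 4
    fi
    echo "OK: $cdc_subject ($cdc_fp)"
}

# Usage on the Mac. The second argument is a placeholder: obtain it on the
# dev server with `openssl x509 -in <cert file> -noout -fingerprint -sha256`.
#   check_dev_cert /tmp/foobar.dev.crt "<SHA-256 fingerprint from the server>"
```

Run the check first and add the certificate to the Keychain only when it returns 0.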
Now that we have the certificate, we can add it to the Keychain:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/foobar.dev.crt
That’s it! Relaunch your browser to check the warning has disappeared.