
Trust self-signed certificates on a Mac


We rely on self-signed certificates in our development environment to test our applications via SSL. As a result, the browser will show you a warning saying the connection is not private each time. This becomes frustrating real quick!

By adding your self-signed certificate to your Keychain you can instruct the browser to trust it. This works for Chrome and Safari. In Firefox you need to create an exception manually.

First, get a copy of the certificate by extracting it using OpenSSL. If your development domain is foobar.dev, then the command looks like this:

echo -n | openssl s_client -connect foobar.dev:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/foobar.dev.crt

The above command will initiate the connection with the site using the openssl command, then extract the certificate from the response and store it in /tmp/foobar.dev.crt.

Note that the initial echo -n command is required to separate your shell from s_client: if you omit it, s_client will wait for input until the server times out.

Now that we have the certificate, we can add it to the Keychain:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/foobar.dev.crt

That’s it! Relaunch your browser to check the warning has disappeared.
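The s_client connection above does not authenticate the server, so /tmp/foobar.dev.crt is simply whatever certificate came back over the network. The checks below are an added example, not part of the original post, to run before add-trusted-cert. The function names are hypothetical, and the expected fingerprint is assumed to have been computed on the development server itself.

```shell
# Added example: pre-trust checks for a certificate extracted with s_client.
# Function names are hypothetical; only standard openssl subcommands are used.

# Print the SHA-256 fingerprint as lowercase hex without colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Succeed only if subject and issuer are identical (a self-signed certificate).
cert_is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# Return 0 only if FILE holds exactly one unexpired, self-signed certificate
# whose fingerprint equals EXPECTED (obtained out-of-band, not via s_client).
cert_ok_to_trust() {
    file=$1
    # Accept "AB:CD:..." or "abcd..." forms of the expected fingerprint.
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')

    # An empty file means the connection failed; more than one block means a
    # chain was captured and the trusted cert may not be the one intended.
    count=$(grep -c -e '-BEGIN CERTIFICATE-' "$file" 2>/dev/null || true)
    [ "$count" = "1" ] || {
        echo "expected one certificate, found ${count:-0}" >&2; return 1; }

    cert_is_self_signed "$file" || {
        echo "issuer differs from subject: not self-signed" >&2; return 1; }

    openssl x509 -in "$file" -noout -checkend 0 >/dev/null || {
        echo "certificate has expired" >&2; return 1; }

    [ "$(cert_fingerprint "$file")" = "$expected" ] || {
        echo "fingerprint does not match the expected value" >&2; return 1; }
}
```

Run cert_ok_to_trust with /tmp/foobar.dev.crt and the fingerprint taken from the server's own copy of the certificate, and add the file to the Keychain only if it returns 0.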
