Easily whitelisting SSL certificates in Chrome under OS X

README.md

Whitelist SSL

This script allows you to whitelist / accept / trust your self-signed / custom / invalid certificate by putting it into your Keychain. This is helpful to convince your favorite browser (Chrome or Opera) to not give a shit about its issuer or whatever.

Quick start

git clone https://gist.github.com/beevelop/cf60f88292ad76b0e1bc37ed688c07b4 whiteliste_ssl
cd whiteliste_ssl
chmod +x whitelist_ssl.sh
./whitelist_ssl.sh https://my-self-signed-domain.foobar/whatever/

Usage

# URL gets sanitized and can contain the full path
./whitelist_ssl.sh <URL>

Changes from Wolph's original implementation

• Use trustAsRoot (instead of trustRoot) in order to automatically enable Always trust.

Should it work?

This script has been successfully tested on

• macOS Sierra 10.12.6
• Google Chrome Version 63.0.3239.59 (Official Build) beta (64-bit)
• Opera Developer 51.0.2781.0
  • Should inform you about „reduced security due to a local, non-public certificate”.
• Firefox Developer Edition 58.0b7 (64-bit) didn't gave a fuck about my Kechain.
  • See https://www.bounca.org/tutorials/install_root_certificate.html#browser-firefox

Todo

• Make the port configurable via $2.

whitelist_ssl.sh

#!/usr/bin/env bash -e

HOST=$(echo "$1" | sed -E -e 's/https?:\/\///' -e 's/\/.*//')

if [[ "$HOST" =~ .*\..* ]]; then
    echo "Adding certificate for $HOST"
    echo -n | openssl s_client -connect $HOST:443 -servername $HOST \
        | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
        | tee "/tmp/$HOST.cert"
    sudo security add-trusted-cert -d -r trustAsRoot \
        -k "/Library/Keychains/System.keychain" "/tmp/$HOST.cert"
    rm -v "/tmp/$HOST.cert"
else
    echo "Usage: $0 www.site.name"
    echo "http:// and such will be stripped automatically"
fi