RT Cunningham

Self-Signed SSL Certificates in Google Chrome 58 and Later

I sometimes think Google screws things up on purpose. Such is the issue of self-signed SSL certificates and the Chrome web browser. I’m using Chrome 66 and this issue has existed since Chrome 58.

Why is it nearly impossible to get self-signed certificates working in Chrome? With Firefox, you only need to add an exception and it will never ask again.

The Google Chrome Issue

Let’s forget the fact, for a moment, that the old self-signed certificates (without a subject alternative name or SAN) won’t work in Chrome 58 and later. The issue I faced, and decided to ignore, is getting Chrome to import a self-signed certificate.

I don’t know if it will import the old ones. I only know it won’t import the new ones. And I don’t think this is a Linux-only issue.

I’m going to show you how to create an SSL certificate on Ubuntu. This will probably work on any platform other than Windows.

Creating the Key and the Certificate

This works. It’s exactly what I used:

openssl req \
    -newkey rsa:2048 \
    -keyout rtcx.local.key \
    -x509 \
    -nodes \
    -new \
    -out rtcx.local.crt \
    -subj "/CN=*.rtcx.local" \
    -reqexts SAN \
    -extensions SAN \
    -config <(cat /etc/ssl/openssl.cnf \
        <(printf '[SAN]\nsubjectAltName=DNS:*.rtcx.local')) \
    -sha256 \
    -days 3650

Why the wildcard? So I won’t have to deal with this every time I’m working with subdomains on localhost.
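
The script below is an added example, not part of the original post. It builds one CN-only certificate and one with a SAN in a temporary directory, prints the SAN of each, and checks which hostnames the wildcard covers. The function names, file names, 1-day lifetime and the minimal config (used in place of /etc/ssl/openssl.cnf) are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example. File names, function names and the 1-day lifetime are
# constructed for illustration; only *.rtcx.local comes from the post.
set -eu

# make_cert PREFIX SAN: self-signed cert with CN=*.rtcx.local.
# An empty SAN argument produces the old CN-only style of certificate.
make_cert() {
    local prefix=$1 san=$2
    {
        printf '[req]\ndistinguished_name=dn\nprompt=no\n'
        printf '[dn]\nCN=*.rtcx.local\n'
        [ -z "$san" ] || printf '[SAN]\nsubjectAltName=%s\n' "$san"
    } > "$prefix.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -keyout "$prefix.key" -out "$prefix.crt" -config "$prefix.cnf" \
        ${san:+-extensions SAN} 2>/dev/null
}

# san_of CERT: print the SAN value, or nothing if the extension is absent.
san_of() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' | tail -n1 | tr -d ' '
}

# covers_host CERT HOST: succeed if OpenSSL's hostname check accepts HOST.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" |
        grep -q 'does match certificate'
}

work=$(mktemp -d)
make_cert "$work/old" ""
make_cert "$work/new" "DNS:*.rtcx.local"

echo "CN-only certificate SAN: '$(san_of "$work/old.crt")'"
echo "SAN certificate SAN:     '$(san_of "$work/new.crt")'"

# A wildcard stands in for exactly one label, so the bare domain and
# deeper subdomains are not covered by *.rtcx.local.
for host in dev.rtcx.local rtcx.local a.b.rtcx.local; do
    if covers_host "$work/new.crt" "$host"; then
        echo "$host: covered"
    else
        echo "$host: NOT covered"
    fi
done
```

If the bare domain also needs to be served, both names can go in the SAN value, for example DNS:*.rtcx.local,DNS:rtcx.local.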

What about the Chrome Warning?

The warning: Your connection is not private. You can click on the “ADVANCED” link and then click on the “proceed to…” link and the page will load. You’ll see a red “not secure” flag, along with the “https” with a line through it, up in the address bar.

Put this in the address bar:

chrome://flags/#allow-insecure-localhost

The first sentence on the page should be highlighted. Click the “enable” button.

The next time you bring up your web browser and load the page, it will still show the red warnings, but you won’t have to click on anything to get past them.

Why not use Firefox?

I’m an old dog and I’m set in my ways. I prefer using the same web browser for everything. If I decide to use Firefox for web development, I’ll use it for everything else as well.

I’ve developed a routine when it comes to working on the web. I don’t like any kind of change that will disrupt that routine. Switching web browsers will definitely disrupt that routine.

I have a theory. I think you can get an SSL certificate from Let’s Encrypt if you use a public TLD instead of a private one. You can get free domain names at Freenom. They’re not great TLDs but if they’re used for local web development, who cares?

I’m going to test my theory and get back with you.

Several hours later…

It works but only until I get a new IP address during a reset or brownout. This would work well for a person with a static IP address. Good luck with that.


May 12, 2018
Web Development
