We rely on self-signed certificates in our development environment to test our applications via SSL. As a result, the browser will show you a warning saying the connection is not private each time. This becomes frustrating real quick!
By adding your self-signed certificate to your Keychain you can instruct the browser to trust it. This works for Chrome and Safari. In Firefox you need to create an exception manually.
First, get a copy of the certificate by extracting it using OpenSSL. If your development domain is foobar.dev, then the command looks like this:
echo -n | openssl s_client -connect foobar.dev:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/foobar.dev.crt
The above command will initiate the connection with the site using the openssl command, then extract the certificate from the response and store it in /tmp/foobar.dev.crt.
Note that the initial echo -n command is required to separate your shell from s_client: without it, s_client will wait for input until the server times out.
Now that we have the certificate, we can add it to the Keychain:
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /tmp/foobar.dev.crt
That’s it! Relaunch your browser to check the warning has disappeared.
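The s_client fetch does not authenticate the server, so whatever answered on foobar.dev:443 is what ends up trusted as a root in the System keychain. The script below is an added example, not part of the original post, that checks the saved file before the add-trusted-cert step. The helper names cert_fingerprint and check_cert are hypothetical, and the expected fingerprint is assumed to have been read from the certificate file on the development server itself.

```shell
#!/usr/bin/env bash
# Added example: inspect a fetched certificate before adding it as a trusted root.
# cert_fingerprint and check_cert are hypothetical helper names.

# Print the SHA-256 fingerprint of a PEM certificate as bare uppercase hex.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'a-f' 'A-F'
}

# Succeed only if FILE holds exactly one certificate, its subject and issuer
# names match (as expected of a self-signed certificate), and its fingerprint
# equals EXPECTED (colons and letter case are ignored).
check_cert() {
    local file=$1 expected=$2 count subj iss actual
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$file" || true)
    if [ "$count" != "1" ]; then
        echo "expected 1 certificate in $file, found ${count:-0}" >&2
        return 1
    fi
    subj=$(openssl x509 -in "$file" -noout -subject_hash) || return 1
    iss=$(openssl x509 -in "$file" -noout -issuer_hash) || return 1
    if [ "$subj" != "$iss" ]; then
        echo "subject and issuer differ: not a self-signed certificate" >&2
        return 1
    fi
    actual=$(cert_fingerprint "$file")
    expected=$(printf '%s' "$expected" | tr -d ':' | tr 'a-f' 'A-F')
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got $actual" >&2
        return 1
    fi
    echo "OK: $file matches $actual"
}

# Usage: ./check_cert.sh /tmp/foobar.dev.crt <fingerprint read on the server>
if [ "$#" -eq 2 ]; then
    check_cert "$1" "$2"
fi
```

Run it between the extraction step and the add-trusted-cert step, and only continue if it prints OK.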