How to Make Chrome Accept Self-Signed Certificates on Linux
Posted on In Linux, Software, TutorialIf your website uses a self-signed certificates, Chrome will show a warning every time and you need clicks to continue. In this post, I will introduce how to make Chrome accept self-signed certificates for sites on Linux.
This post is made short on purpose and you need to search the Web and learn if you want to understand the stuff.
You will need libnss3-tools package on Debian/Ubuntu/Linux Mint or nss-tools on CentOS/Fedora/RHEL. Then use this script (add-cert.bash):
#!/bin/bash
if [ $# -lt 1 ]; then
echo "Usage: $0 hostname"
exit 1
fi
hostname=$1
echo QUIT \
| openssl s_client -servername $hostname -connect $hostname:443 -showcerts 2>null \
| sed -ne '/BEGIN CERT/,/END CERT/p' \
>/tmp/cert-$hostname
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n $hostname -i /tmp/cert-$hostname
certutil -d sql:$HOME/.pki/nssdb -Llike
bash add-cert.bash your.web.siteAfter the certificate is added, restart Chrome and you should find no warnings any more.
It seems that the Github gives a free education pack to the student, which includes a free SSL certificate for one year.
I just apply it yesterday, and use it on https://chetui.org & https://www.chetui.org (which is used for reverse proxy of google).
If your github account is already certified as a student account of HKUST, then you can also apply it. Finaly, your https website would not show warnning to visitor for at least one year.
Sounds good. But I guess you need to pay after the first year. The https services for my sites are mainly for my own usage for security transfer over the Web. Readers visit by http still. If https is enabled and later disabled, it will look strange while I am not ready to pay for the certificate manually yet.
You can get a free SSL/TLS certificate from StartSSL for your website:
https://ask.fclose.com/1495/how-to-get-free-web-server-ssl-tls-certificates-for-websites
Is this post still good for the year 2020 and centos 8?