To trust a self-signed certificate in Chrome, click “Advanced” → “Proceed to site” for temporary access. For a permanent solution, either enable chrome://flags/#allow-insecure-localhost (for development purposes) or add the certificate to your operating system’s trusted certificate store. Self-signed certificates are not validated by a Certificate Authority, so they should only be used during testing, never in production environments.
Why Does Chrome Block Self-Signed Certificates?
Chrome rejects self-signed SSL certificates because it enforces HTTPS security standards:
- They are not verified by a trusted Certificate Authority (CA).
- Attackers can easily create fake certificates, which opens the door to man-in-the-middle (MITM) attacks.
- Chrome’s default settings put user safety first.
Method 1: Trust Self-Signed Certificates in Chrome (Quick Fix)
Step 1: Proceed Past the Warning (Temporary Fix)
When Chrome shows “Your connection is not private”, follow these steps:
- Click “Advanced” → “Proceed to [site] (unsafe)”.
(Note: This only works for localhost or trusted internal sites.)
Step 2: Enable Chrome Flags (Permanent Fix for Localhost)
For development environments, Chrome allows bypassing security checks:
- Open Chrome and enter:
chrome://flags/#allow-insecure-localhost
- Enable the “Allow invalid certificates for resources loaded from localhost” flag.
- Relaunch Chrome for changes to take effect.
Best for: Developers testing on localhost who need a persistent fix.
Method 2: Manually Add Self-Signed Certificate to Chrome (Windows/Mac/Linux)
If you need to permanently trust a self-signed certificate in Chrome, manually install it in your OS.
For Windows:
- Download the certificate (.crt or .pem file).
- Open Run (Win + R) → Type certmgr.msc → Press Enter.
- Go to Trusted Root Certification Authorities → Certificates.
- Right-click → All Tasks → Import → Follow the wizard.
For macOS:
- Double-click the .crt file → Keychain Access will open.
- Select “System” keychain (requires admin password).
- Right-click the cert → “Get Info” → Set “Always Trust”.
For Linux (Chrome/Chromium):
- Install certutil (if missing):
sudo apt install libnss3-tools # Debian/Ubuntu
- Add the certificate:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n "MySelfSignedCert" -i /path/to/cert.crt
Best for: IT admins managing internal tools with custom certs.
Method 3: Generate a Proper Self-Signed Certificate (Avoiding Warnings)
Instead of bypassing warnings, create a properly configured self-signed cert with:
- Subject Alternative Name (SAN) for localhost
- Extended Key Usage for server authentication
Using OpenSSL:
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
  -keyout key.pem -out cert.pem -subj "/CN=localhost" \
  -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
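Before a certificate goes into a trust store (Method 2), check what it actually asserts. The following is an added example, not part of the original article: it builds a localhost certificate from a private config file (instead of -addext) and accepts it only if it is a non-CA, serverAuth certificate that names the expected host. The file names, the [leaf] and [ca] section names and both helper functions are assumptions.

```sh
# Added example: names, paths and both helpers are assumptions for illustration.

# make_cert DIR SECTION: write DIR/SECTION.pem and DIR/SECTION.key from a
# private config, so the result does not depend on the system openssl.cnf.
make_cert() {
  cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = localhost
[leaf]
subjectAltName = DNS:localhost, IP:127.0.0.1
extendedKeyUsage = serverAuth
basicConstraints = critical, CA:FALSE
[ca]
subjectAltName = DNS:localhost, IP:127.0.0.1
basicConstraints = critical, CA:TRUE
EOF
  openssl req -x509 -newkey rsa:2048 -sha256 -days 30 -nodes \
    -config "$1/req.cnf" -extensions "$2" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# check_leaf CERT HOST: return 0 only for a non-CA serverAuth cert naming HOST.
check_leaf() {
  cl_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
  if printf '%s\n' "$cl_text" | grep -q 'CA:TRUE'; then
    echo "reject: CA:TRUE; trusted as a root, its key could issue certs for any site"
    return 1
  fi
  if ! printf '%s\n' "$cl_text" | grep -A1 'Subject Alternative Name' |
       tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"; then
    echo "reject: $2 is not in subjectAltName"
    return 1
  fi
  if ! printf '%s\n' "$cl_text" | grep -q 'TLS Web Server Authentication'; then
    echo "reject: no serverAuth extended key usage"
    return 1
  fi
  echo "ok: $(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# Usage: d=$(mktemp -d); make_cert "$d" leaf; check_leaf "$d/leaf.pem" localhost
```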
Final Thoughts
Developers often need to trust self-signed certificates in Chrome, but should do so with proper precautions. Clicking “Proceed” works for immediate testing, while enabling the Chrome flag or installing the certificate in the OS trust store gives a lasting solution. Self-signed certificates remain dangerous in production environments, so use them exclusively in local development. Use mkcert for local HTTPS and Let’s Encrypt certificates for live sites. By following the procedures described here, you can stop Chrome from displaying “Not Secure” alerts while maintaining project security.
Frequently Asked Questions (FAQs)
1. How do I permanently trust a self-signed certificate in Chrome?
To trust a self-signed certificate permanently, add it to your operating system’s trusted certificate store (certmgr.msc on Windows, Keychain Access on macOS, certutil on Linux). Once it is there, Chrome no longer shows security alerts for that particular certificate.
2. Why does Chrome say my self-signed certificate is not secure?
Chrome blocks self-signed certificates because they are not verified by a trusted Certificate Authority (CA). A self-signed certificate cannot demonstrate domain ownership, so it poses a safety risk when deployed on a public website in place of a paid or Let’s Encrypt certificate.
3. Can I bypass “Not Secure” warnings without enabling Chrome flags?
The “Advanced” menu provides a “Proceed to site” option that lets you bypass the warning. The #allow-insecure-localhost Chrome flag is a workaround for persistent warnings, but proper certificate installation remains necessary for a lasting solution.
4. How safe is it to use self-signed certificates for local development?
Using self-signed certificates is safe for local testing but remains dangerous for deployment into production environments. Developers can use mkcert as their preferred tool for local development since it provides automated certificate creation with trust functionality.
5. What steps should I follow to obtain a Chrome-trusted self-signed certificate?
Use OpenSSL to generate a certificate with a Subject Alternative Name (SAN) that covers localhost or your test domain. A correct SAN gives better results, although Chrome still displays an untrusted-certificate warning.
6. What’s the best alternative to self-signed certificates?
For local development, mkcert is the best alternative—it creates locally trusted certificates without warnings. The production environment needs either Let’s Encrypt or paid CA certificate deployment.
Priya Mervana
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.