My work place intercepts SSL connections, looks at their contents, and then passes the data to and from my machine and remote hosts - a kind of man-in-the-middle attack. This is not uncommon in corporate or enterprise environments.

Now I have a virtual machine running on my computer. The virtual machine does not have the certificates the actual machine has which enable the MITM to work transparently. As a result, I get this message:


What can I do to resolve this?

    Install the fake certificates on the virtual machine.
    – Ramhound
    Commented Jun 2, 2016 at 21:04
  • @Ƭᴇcʜιᴇ007: Corporate ID didn't want to touch the issue. Don't let the word "corporate" throw you, this is a perfectly legitimate question about certificate authorities.
    – Richard
    Commented Jun 2, 2016 at 21:33
    @Ramhound: The difficult I had was in finding said certificates.
    – Richard
    Commented Jun 2, 2016 at 21:34
    In 2020 you can just go to chrome://flags and select "Insecure origins treated as secure" option
    – lucifer63
    Commented Dec 21, 2020 at 12:43

First thing's first:


Doing this allows a man-in-the-middle to see all of your communications. This fix should only be employed if you are in a situation which warrants it, not if you're sitting at a coffee shop and having problems connecting to things.

That said...

The first step is to acquire the certificate of the MITM.

To do so, click the little HTTPS lock and hit details:

Page details

Click "View Certificate" in the dialog that comes up.

Certificate details pane

Hit "Details" in the Certificate viewer and select the top certificate, which should be from an address other than the one you were trying to get to (see picture):

Certificate viewer

Then hit "Export" and save the certificate file.

Now, go to Settings → Advanced → Manage Certificates... → Authorities

Settings menu

And hit "Import". Select the certificate file you saved previously and hit all of the check boxes that appear, authorizing it to certify everything.

Manage certificates menu

  • // , My dialog for Certificate Viewer does not include two tabs, nor can I export the certificate file. On what version of Chrome or Chromium did you test this? Commented Oct 4, 2016 at 9:29
  • @NathanBasanese: I'm sorry; I'm not sure what version it was. I've since changed locations.
    – Richard
    Commented Oct 4, 2016 at 14:24
    I had to restart chrome before this was working correctly on windows (kill chrome task). Great guide
    – Sam
    Commented Mar 7, 2017 at 22:30
    "Details" link is not displayed in Chrome OSX 57.0.2987.110 (64-bit)
    – DanH
    Commented Mar 21, 2017 at 12:56
    Chrome 57.0.2987.133 (64-bit) , OSX 10.9.4. I open Security tab from Inspect Element in develop tools. And I can see the detail of certificate. But there is no Export either. I can export the certificate using firefox. But when I opened Manage Certificates in Chrome and was trying to import the certificate to chrome. Chrome open system certificate manager instead of chrome certificate manager. Then I tryed type chrome://settings/certificates to address bar, it only redirect to chrome://settings.
    – Nick Dong
    Commented Apr 24, 2017 at 9:08

I hope I'm not reviving this too late in the game, but I was looking for this answer and figured out how to make Richard's solution work with Chrome 59.0.3071.115 for the Mac.

  1. Load the page with the self-signed certificate that's causing Chrome to throw the error
  2. Hit the triple-horizontal-dots in the top right to get to More Tools > Developer Tools; click on the Security tab
  3. Click "View certificate"
  4. In the little window that pops up, there should be a picture of a certificate. Click/drag that to some location in Finder.
  5. Triple-horizontal-dots > Settings > Advanced > Manage certificates
  6. If the keychain is locked (lock in the top-left corner of the window that pops up), unlock it using your system password
  7. Select "login" under Keychains (on the top-left) and "Certificates" under Category (on the bottom-left)
  8. Click/drag the certificate that you downloaded over to the right side of the Keychain Access window
  9. Lock the lock at the top left of the Keychain Access window
  10. Close and re-open Chrome (make sure Chrome fully closed -- force quit if you need to)
  11. In Keychain, right-click your cert, "Get Info", "Trust" and "Always Trust" for SSL!
    Click drag not working on windows 10. Also I see no "login" in the manage certificates window...
    – Radmation
    Commented Aug 27, 2018 at 16:45
  • 4
    Great, thanks! One more step for me (Chrome as of Oct 26, 2018): in Keychain, right-click your cert, "Get Info", "Trust" and "Always Trust" for SSL!
    – Nico
    Commented Oct 26, 2018 at 22:04
  • For Chrome version 75.0.3770.142, closing (and re-opening) wasn't necessary. Commented Jul 22, 2019 at 15:57
  • Click-drag working on macOS Mojave (10.14). Thank you for an actual detailed solution to this. Commented Jul 26, 2019 at 18:48

If you've just installed an SSL cert on your website after getting this error, you may need to restart Chrome. Easiest way is to go to chrome://restart so that it reopens all your tabs.

I was getting this error even though SSL Labs was telling me I had an A+ cert. Chrome was just being dumb and not refreshing properly.


If you click the advanced link you are given the option to prodeed anyway.

enter image description here

Subsequently, when you visit the same site, the warning won't be shown, but the address bar will show "Not secure". If you click on the words "Not secure, you are informed that you have chosen to disable warnings for this site, but you can re-enable them.

enter image description here

    It looks like the "proceed anyway" link has been removed
    – jrh
    Commented Mar 19, 2019 at 19:36
  • 1
    @jrh it is still there if you open it in incognito mode, but in normal browser mode it is gone Commented Aug 12, 2019 at 12:24
  • @MiroslavSaracevic I don't see it in Incognito mode either, I think there's more than one kind of certificate error.
    – jrh
    Commented Aug 12, 2019 at 14:09
  • @jrh "Proceed anyway" is only available if the site does not use the HSTS header, which forces HTTPS connections.
    – tubedogg
    Commented Jul 16, 2020 at 18:30
    @jrh There's an easter egg that allows this. You can proceed anyway by clicking on the error page and then typing "thisisunsafe" (without the quotes). You won't see the letters being typed, but the page will load.
    – John Smith
    Commented Oct 31, 2020 at 17:30

For me I had to upgrade my browser version to the latest and it worked.


One more option: less common but worth knowing.

Your computer may have an old certificate on it and ignore the current one.

I had to go to the Keychain app on a Mac and delete the expired/untrusted certificates so it would download new ones.

    How to delete the expired/untrusted certificates Commented Mar 19, 2019 at 7:11
  • @IpsitaRout : in Windows start mmc.exe - File:Add/RemoveSnapin - select certificates for computer and again certificates for current user.
    – Bernhard
    Commented May 5, 2020 at 6:19
  • in Windows, Start menu > Manage user certificates > Personal (or Trusted Root Certification Authority, then find the localhost and right-click to delete. Generate a new self signed cert if needed and install it again with double-click on generated crt file. If you have a website you must have the generated private key file usable by webserver. To generate self signed crt file and private key: medium.com/@rubenvermeulen/… Commented Jul 6, 2020 at 20:25

For linux To continue on the answer by https://superuser.com/a/1083768/33705

Just follow this guide to generate a strict self signed certificate that chrome will accept: https://ram.k0a1a.net/self-signed_https_cert_after_chrome_58

Export the certificate from chrome:

  • Click the lock on chrome (on the left of the address bar)
  • Certificate > Details > Export > PKCS #7, single certificate
  • Save it as something, I saved it as ~/cert/myweb.p7b
  • Generate the certificate
  • sudo apt install libnss3-tools
  • certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n ~/cert/myweb.crt -i ~/cert/myweb.p7b
  • you may need to type it out instead of copy paste
  • Import the generated file into Chrome
  • go to Chrome > Settings > Search for "SSL" > Manage Certificates > Authorities > * import > private key that you generated ~/cert/myweb.crt

Alternative method

  • ssh-keygen
  • create cert folder: mkdir ~/cert
  • echo QUIT | openssl s_client -connect my-local-website.com:443 | sed -ne ( '/BEGIN CERT/,/END CERT/p' > ~/cert/mycert.p7b
  • certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n ~/cert/mycert.p7b -i ~/cert/mycert.p7b
  • check installation: certutil -d sql:$HOME/.pki/nssdb -L
  • restart chrome

Also see: https://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate


You must clear valet (not remove, only clear some files described below), clear everything about valet in KeyChain.

How to clear valet? Let me write all commands.

rm ~/.config/valet/CA/*
rm ~/.config/valet/Certificates/*
rm ~/.config/valet/Nginx/*
rm ~/.config/valet/Sites/*

After that you can use valet link and valet secure commands. Valet will create new SSL files in CA and Certificates folder and import these to system certificates.

Source: https://github.com/laravel/valet/issues/296#issuecomment-1313355353

