2

I visit some site in Chrome, and get the lock icon; clicking it, then "Connection", then "Certificate Information" brings up a dialog with several certs listed, the first of which is the root of trust for the site I'm visiting. How can I find this cert, export it to a .crt/.cer (base64 encoded x509) file, and modify its trust settings?

Additionally, I can go to chrome://settings/, click "Show advanced settings…", then click "Manage certificates…" which opens Keychain Access. However, nowhere in Keychain Access do I see the certificate I'm interested in, and Search cannot find it.

The cert is a bit weird: it is an corporate internal CA cert.

Improve this question
4
  • If it would be a coporate intercal CA cert it usually would give you a certification error "the certificate chain could note be veryfied" or something like "the CA is unknown and therefore not trusted". Please name the website and i will check the certificate.
    – Ivan Viktorovic
    Commented Sep 25, 2015 at 14:13
  • It's internal; there's no URL that I can give you by definition. I only get TLS errors in FF, because the cert isn't in it's trust store (which is why I'm trying to export it from OS X's); Chrome verifies fine, and references a cert that I cannot find, hence the question.
    – Thanatos
    Commented Sep 29, 2015 at 20:45
  • If it is a coperate internal certificate it has to have a internal CA. You would need to go to that CA and export the root certificate and import it at your computer.
    – Ivan Viktorovic
    Commented Sep 30, 2015 at 11:39
  • The cert is on the computer — at least, it is in the trust store that both Chrome and Safari look at, which my understand is Keychain Access. Where it is in Keychain Access (or in general, if that assumption is correct) is the crux of the question. (And it must be on the machine, given that both Chrome and Safari validate end-user certs signed by the CA cert that I'm looking for.)
    – Thanatos
    Commented Oct 6, 2015 at 16:38

1 Answer 1

Reset to default
0

You have to view the certificate:

  • in a popup in front of your URL address or
  • in the DevOps Tool Security tab

Then, in the certificate dialog window, select the correct certificate in the tree (website, intermediate or root - not all might be available) and drag the certificate icon to a local directory on your machine (or directly in the Keychain Access app).

In the Keychain Access app, drag the certificate in the the System folder. Then you change the Trust options accordingly to your needs as by default probably it will not be trusted (hence you have the problem in the first place)

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .