How-to: Accept self signed certificate in Chrome/Chromium

ssl
certificates
tls
chromium
chrome

#1

How to Accept self signed certificate in Chrome / Chromium

Environment

  1. A UCS environment with one or more systems or a pre-configured and pre-installed app appliance
  2. Chrome or Chromium browser

Objective

The network traffic between Chrome / Chromium on the client shall be secured with SSL/TLS. To achieve this, Chrome / Chromium needs to accept a certificate that has been signed by certificate authority (CA) of your UCS system that is unknown to the browser.

Accept the self signed certificate from UCS in Chrome / Chromium

Step 1: Open the UCS portal page

Open the UCS portal page by entering https://<ip address to your server> in the the address field in your Chrome / Chromium browser. You will see the following:

Bildschirmfoto%20vom%202019-01-25%2011-42-04

The reason for this warning is that Chrome / Chromium cannot verify the certificate that UCS offers. The browser does not know the CA that is used by UCS to sign the certificate. Every UCS environment creates its own CA and signs its certificates with it.

Step 2: Create an exception for the self-signed certifcate

  1. Click on the button “Advanced”. This shows the reason for the message. As stated above, Chrome / Chromium cannot validate the issuer of the certificate.
  2. Click on “Proceed to <ip address to your server> (unsafe)”.

Bildschirmfoto%20vom%202019-01-25%2011-42-16

Step 3: Enjoy secured browsing

You now enjoy secured network traffic between your browser and your UCS system. Chrome / Chromium still shows a hint about the unknown CA. It marks the connection as Not secure. This is a little bit misleading, because there is an encrypted connection between the browser and your UCS system.

Bildschirmfoto%20vom%202019-01-25%2011-42-33

Just to be clear, Chrome / Chromium warns, because your UCS system cannot prove that it really is the system behind the given ip address. The reason is a missing trust, because your browser and your operating system respectively cannot validate the certificate that is offered by UCS.

To permanently get rid of this warning, you have to make the CA known to your operating system. There are plenty of articles on the Internet about how to achieve this for different operating systems and browsers. It is out of scope of this howto.


How-to: Register a Univention App Appliance
closed #2