How to Trust a Self-Signed Certificate in Chrome

Remove the browser warning for your development certificates — on any OS.

Chrome doesn't have its own certificate store — it uses the operating system's trust store. Once you add your self-signed certificate to the OS, Chrome (and most other browsers) will trust it automatically. Firefox is the exception, and we cover it in a separate guide.

Prerequisites

You need the public certificate file (.crt or .pem). You do not need the private key on the client machine — only on the server.

Important: Chrome (since version 58, released in 2017) requires the certificate to have a Subject Alternative Name matching the hostname. If your cert only has a Common Name, it won't be trusted even after you install it. Our generator adds SANs automatically.

macOS

1. Double-click the .crt or .pem file. Keychain Access will open.
2. When prompted, choose the System keychain (not login) so all users trust it.
3. Find the certificate in Keychain Access, double-click it.
4. Expand Trust, set "When using this certificate" to Always Trust.
5. Close the window — you'll be asked for your password to save.
6. Quit and restart Chrome.

From the command line

sudo security add-trusted-cert -d -r trustRoot \
  -k /Library/Keychains/System.keychain certificate.pem

Windows

1. Double-click the .crt file.
2. Click Install Certificate.
3. Choose Local Machine (requires admin), click Next.
4. Select Place all certificates in the following store and browse to Trusted Root Certification Authorities.
5. Click Next, then Finish. Confirm the security warning.
6. Restart Chrome.

PowerShell

Import-Certificate -FilePath "certificate.crt" `
  -CertStoreLocation Cert:\LocalMachine\Root

Linux (Ubuntu/Debian)

sudo cp certificate.pem /usr/local/share/ca-certificates/my-cert.crt
sudo update-ca-certificates

On Fedora/RHEL:

sudo cp certificate.pem /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust

Chrome-specific NSS database (Linux only)

Chrome on Linux uses NSS, not the system trust store by default. To trust a cert just for Chrome:

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," \
  -n "MyCert" -i certificate.pem

Install libnss3-tools (Debian/Ubuntu) or nss-tools (Fedora) if certutil is not available.

Verify It Worked

Visit your HTTPS site in Chrome. The padlock should be green (or gray) with no warning. If you still see the warning:

• Fully quit Chrome and restart — it caches the trust store.
• Check that the certificate has a matching SAN using our PEM decoder.
• Confirm the hostname you're visiting exactly matches the SAN entry.

Further Reading

• Trust in Firefox
• Detailed macOS guide
• Detailed Windows guide