I'm using Chrome on a closed lab network. I have no control over the servers I'm talking to, which use SHA1-signed certs for HTTPS. Should they be using better certs? Of course, but I can't fix that. I just don't want to be bothered about it by my browser every time I open the sites.
Does Chrome have a flag or registry setting I could change that will stop warning about SHA1 certs? Obviously this would be dangerous for use on the actual internet, but not every network is under threat of attack.
52 Answers
For Mac Users Run this command to create a plist file in XML format
cat >com.google.Chrome.plist <<POLICY
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">
<dict> <key>EnableSha1ForLocalAnchors</key> <true/>
</dict>
</plist>
POLICYConvert it to binary format using plutil -convert binary1 com.google.Chrome.plist
Move it into your system preferences sudo cp com.google.Chrome.plist /Library/Preferences/
Now visit chrome://policy and ensure EnableSha1ForLocalAnchors is set to true and has OK status (requires Chrome restart)
For windows update required in Registry
Disable the certificate warning using the below commands
Windows user - execute chrome.exe with the parameters as below or update the parameter to the Chrome shortcut
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors --ignore-urlfetcher-cert-requestsMac users - Execute the commands from the terminal
/Applications/Google Chrome --ignore-certificate-errors --ignore-urlfetcher-cert-requests &> /dev/null 2