Allowing Self-Signed Certificates on Localhost with Chrome and Firefox

HTTPS for web applications is soon no longer an option, but a must-have. When you develop your application on your local machine, you may want to use a self-signet certificate. They cost you nothing and tools like Visual Studio create them on the first run in IIS Express. Everything would be great if current web browsers wouldn’t show you an error page like this one:

The Problem

What can we do to use our self-signed certificate on our local machines and not compromise the security of our web browser?

(Just to be explicit: This is for development purposes only. Never to that in production!)

 

Easy fix for Chrome

In Chrome all you need to do is to open enter this URL chrome://flags/#allow-insecure-localhost into the address bar to find the configuration setting for allowing invalid certificates for localhost:

Chrome settings

Click on Enable and restart Chrome. From now on invalid certificates on localhost (and just on localhost) are ignored and you can develop with your self-signed certificate.

 

Exceptions for Firefox

In Firefox you need to whitelist every certificate. On the error page for the invalid certificate you find a button with the label Advanced. Click it and then add an exception by clicking on the Add Exception button.

Firefox 1. Step

You can now once more verify if this is the certificate you want and then explicitly click on Confirm Security Exception...:

Firefox 2. Step

From now on your local certificate is accepted. If you no longer need this exception, you can click on the lock-icon in the address bar and remove it:

Firefox 3. Step

 

Conclusion

Self-signed certificates need a little work with your web browser. However, on localhost they have their place and can help you to start with HTTPS.

3 thoughts on “Allowing Self-Signed Certificates on Localhost with Chrome and Firefox”

    • Hi yogambar,
      If you replace chrom with chrome and enter the URL into the address bar it should work. Be aware, clicking the link does not work, you must enter it yourself.

      Regards,
      Johnny

      Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.