Using Self-Signed Server Certificates

If you chose to use a self-signed certificate for the Signotaur server website, Chrome will show a "Your connection is not private" warning when you navigate to the Signotaur server URL. To proceed, you must, click Advanced, then Proceed to hostname (unsafe).

After this, Chrome will allow you to access the site, but the "Not secure" icon will remain in the address bar. To permanently remove this indicator, follow the instructions below:

Note: These steps apply to Chrome. Other browsers may require different procedures.

1. Export the Self-Signed Certificate

You can export the self-signed certificate to a .crt file from Chrome as follows:

  1. Open Chrome and visit the Signotaur server website.
  2. Click the Not Secure icon in the address bar and select Certificate Details.
  3. In the Certificate Viewer window, go to the Details tab and click Export.
  4. Ensure a Base64-encoded ASCII (.pem, .crt) format is selected and enter a filename.
  5. Click Save to export the certificate file.

To get Chrome to trust the self-signed certificate, you need to add it to your system’s trusted root certificate authorities. Here are the steps for doing this on Windows and Linux:

2. Add the Certificate to Trusted Authorities

On Windows

  1. Open the Microsoft Management Console (MMC):

    • Press Win + R, type mmc, and press Enter.

  2. Add the Certificates Snap-In:

    • In the MMC, go to File > Add/Remove Snap-in....
    • Select Certificates and click Add.
    • Choose Computer account, then Next, and click Finish.

  3. Import the Certificate:

    • In the MMC, under Certificates (Local Computer), navigate to Trusted Root Certification Authorities.
    • Right-click Certificates, select All Tasks > Import..., and follow the wizard to import the self-signed certificate file (.crt).

On Linux

  1. Locate the Certificate Store:

    • Most Linux distributions use ca-certificates for managing trusted root certificates.

  2. Copy the Certificate to the Trusted Directory:

    • Place the .crt file in the directory /usr/local/share/ca-certificates/ or /etc/ca-certificates/trust-source/anchors/.

    Example command:

    sudo cp your-certificate.crt /usr/local/share/ca-certificates/

3. Verify the Certificate is Trusted

After importing the certificate, you can check in Chrome to see if the self-signed certificate is now trusted:

  1. Restart Chrome and visit the Signotaur server website.
  2. The "Not secure" icon should no longer appear.

Sometimes, Chrome caches the certificate, so even after adding the certificate to trusted authorities, the warning may persist. Clearing the cache can resolve this:

4. Clear Chrome's Cache

Open Chrome and press Ctrl + Shift + Delete, or select Settings from the menu, then Privacy and security, and click on Delete browsing data.

In the "Delete browsing data" window:

  • Select the Time range as All time.
  • Check the box for Cached images and files (ensure the other options are unchecked).
  • Click Delete data .
  • Restart Chrome and revisit the site.