How to add server certificate exception to Chrome/Edge?

Is it possible to add server certificate exceptions for some websites (to skip warning page about certificates that are expired, self-signed or with missing or mismatched CN/SANs) in Google Chrome / MS Edge for all users (in any scriptable way, but preferably using policies/registry)?

In Mozilla Firefox I am using Autoconfig, which is good enough without having to use a policy. Is there an alternative to Autoconfig in Chrome/Edge?


Solution 1:

You can add the self-signed certificates as Trusted Roots on the target machines you want to avoid certificate errors on. This can be done using GPO in Security Settings\Public Key Policies\Trusted Root Certification Authorities.

In the default configuration, IE, old and new Edge, and Chrome (and other Chromium browsers) will all respect the system certificate trusts.

Putting on my security hat: trusting individual self-signed certificates isn't a super great idea because the private key of the certificate is the only thing needed to begin spoofing traffic to the website. You should consider deploying internal certificate authorities, whose roots/intermediates you then trust through AD, and deploying certificates from that. Certificate enrollment is very scriptable!
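
A scripted counterpart to the GPO route in the answer above, added here as an example and not part of the original answer: a PowerShell script that vets a self-signed server certificate before placing it in the machine's Trusted Root store. It rejects cases that root trust cannot fix (expired certificate, no subjectAltName) and warns when the certificate is CA-capable. The file path is a hypothetical placeholder, and the script assumes an elevated Windows PowerShell 5+ session.

```powershell
# Added example (not from the original answer). Run from an elevated prompt.
# $CertPath is a hypothetical placeholder for the exported server certificate.
param([string]$CertPath = 'C:\certs\intranet-server.cer')

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
$problems = @()

# Heuristic self-signed check: a CA-issued leaf should chain to its issuer,
# so trust that issuer's root instead of pinning the leaf as a root.
if ($cert.Subject -ne $cert.Issuer) {
    $problems += "not self-signed (issuer: $($cert.Issuer))"
}

# Root-store trust does not override validity dates.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += "outside validity period ($($cert.NotBefore) .. $($cert.NotAfter))"
}

# Chromium matches host names against subjectAltName only (CN is ignored),
# so a certificate without a SAN still fails after it is trusted.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san) {
    $problems += 'no subjectAltName extension'
}

if ($problems) {
    throw "Refusing to import $($cert.Thumbprint): $($problems -join '; ')"
}

# A CA-capable self-signed certificate can sign certificates for any name
# once it is a trusted root; surface that before importing.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if ($bc -and $bc.CertificateAuthority) {
    Write-Warning 'basicConstraints CA=TRUE: this key could issue certificates for other sites.'
}

Write-Host "Importing $($cert.Subject)"
Write-Host "  SHA-1 thumbprint: $($cert.Thumbprint)"
Write-Host "  SAN: $($san.Format($false))"

# Machine-wide trust: the local machine's Trusted Root Certification Authorities store.
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
```

Compare the printed thumbprint against the one shown on the server itself before relying on the import.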