How can I add a permanent SSL certificate exception for certain websites? These sites have certificates signed by some root CA which I do not want to trust. When I tried to manually install the website's certificate into personal or trusted root CA, the browser still gives certificate warning because the chain verification fails (root CA not trusted). So how can I add exceptions for these sites?

In firefox I can just add a permanent certificate exception. But for Windows certificate store, if I install a certificate which is unable to be verified due to lack of corresponding trusted root CA, the installed certificate does not even show up in IE's certificate store (it's in Windows's certmgr tho)

For example, https://www.hrc.army.mil/ I don't want to install the federal root CA. How can I get rid of the certificate warning?

  • I am not sure I understand the question. If you don't trust the root CA then how can you trust any certifate signed by the root CA? – Ramhound Jul 28 '14 at 12:34
  • that's why it's called an exception. I don't trust the CA to sign for every website. But I need the website whose cert signed by this CA to work without the warning. – sdaffa23fdsf Jul 28 '14 at 12:36
  • And for the exception, the certificate can only be used for this particular common name (FQDN) and cannot be used as a CA to sign other sites. – sdaffa23fdsf Jul 28 '14 at 12:37
  • I have similar issue. To be specific, I want to trust a single (leaf) certificate. If the website sign a new certificate (i.e., with a different signature), I want to be warned. – Franklin Yu Dec 5 '17 at 16:03

Your Answer

By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Browse other questions tagged or ask your own question.