Configure Google Chrome to display certificates directly

Martin Brinkmann
Jul 27, 2017
Updated • Dec 14, 2017
Google Chrome
|
10

Google moved the option to display certificates in Google Chrome from the site properties menu to the Developer Tools.

All you had to do previously to display the certificate of a site in Chrome was to click on the site icon in the browser and select details to display the certificate in the browser.

After the change rolled out, users have to open the Developer Tools, select Security in the interface, and click on the "view certificate" button in it.

Not very elegant, especially if you need to verify certificates regularly and not just once every other month or so.

It appears that Google has had a change of heart. While the company did not restore the option to display certificate details directly in the page info panel, it did add a new flag to Chrome that adds a similar option to the page info panel.

The new experimental flag has been added to Chrome 60 by Google which was released recently.

Update: The most recent versions of Google Chrome show the certificate link directly when you click on the icon in front of the address. No need anymore to set the flag first.

Enable show certificate in Chrome

chrome show certificate

The feature is opt-in right now; you have to enable it manually before it becomes available. Here is how that is done.

  1. Open the Chrome browser if you have not done so already.
  2. Load chrome://flags/#show-cert-link in the browser's address bar.
  3. Select the enable link that is associated with the "show certificate link".
  4. Restart the Chrome web browser.

The experimental flag has the following title and description:

Show Certificate Link

Add a link from the Page Info bubble to the certificate viewer for HTTPS sites.

When you open the Page Info panel after the restart, you will notice that Certificate is a new entry when you open sites that use HTTPS.

chrome display certiifcate

Chrome highlights whether the certificate is valid or not. You may click on the link however to open the certificate window that lists detailed information about the site's certificate.

site certificate

Closing Words

I never understand why Google removed the option to display certificate information directly in the Chrome browser. It looked as if the company decided to hide the information from regular users and make it Developer and tech savvy users exclusive, as barely anyone knew where to look to display certificate information after the change.

The new experimental flag adds this option back to the place where users look for it, but it is an opt-in feature. This means it is likely that many users will not know about it.

Still, it is good news that the option is back. Since it is available as an experimental flag, it may be integrated in Chrome natively, or removed from the browser.

Now You: Do you verify certificates regularly?

Summary
Configure Google Chrome to display certificates directly
Article Name
Configure Google Chrome to display certificates directly
Description
Google Chrome 60 comes with a new experimental flag that restores the link to open certificate details of sites you open in the browser from the address bar.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Gil said on September 8, 2017 at 6:02 pm
    Reply

    Thanks for publishing this. Great tip!

  2. Dan said on August 16, 2017 at 2:01 pm
    Reply

    As others have pointed out already, adding the ability to view the server certificate does not add any security per se, but as an IT admin I appreciate the ability to access the info with two mouse-clicks instead of having to wade through a number of developer submenues. Especially when I had to verify the certs on my own (internal) servers after renewing or changing them, this has been a major annoyance previously. It’s a convenience feature, no more, no less.

  3. Kubrick said on August 16, 2017 at 1:43 pm
    Reply

    I think it should be pointed out that the information within the certificate is meaningless to the untrained eye and the vast majority of chrome users simply will not understand what it all means.

  4. Timson said on July 28, 2017 at 9:27 am
    Reply

    And even it is the right domain – if you computer is infected or otherwise tempered with – the root certificate could be replaced and you wouldn’t get notified or have any ability to check it (if oyu don’t remember all CAs)
    Also interesting detail: currently SSL certificate revocation mechanism is not working in every major browser. So if you receive revoked certificate in a response from server – every browser would mark it and green and trusted. Here is an article about that issue with test domain: https://scotthelme.co.uk/revocation-is-broken/
    So https is mostly illusion of protection, it works up until the moment there is a real attack against you.

  5. CHEF-KOCH said on July 28, 2017 at 1:31 am
    Reply
  6. CHEF-KOCH said on July 27, 2017 at 11:02 pm
    Reply

    It’s not necessary to be default or change the default option, when an certificate isn’t valid you get an huge messege and warning.

    1. Erdogan Kurtur said on October 30, 2017 at 8:52 am
      Reply

      If your company pushes some root certificate and generates certificates based on that root, you get no warning, no message nothing for most of the regular sites. Sites like google.com expect certificate to be their own certificate, so only they give you any warning.

    2. chesscanoe said on July 27, 2017 at 11:34 pm
      Reply

      As a user, I do not want to wait until doomsday to know a certificate expires that is important to me. Per above article, as well as adding the flag to the latest Chrome x64 beta, http://quoteshunger.com/wp-content/uploads/2015/03/happy-fools-day-quote.jpeg shows an image for Ghacks doomsday.

  7. John said on July 27, 2017 at 8:24 pm
    Reply

    This should be the default.

  8. Anatoly Nechaev said on July 27, 2017 at 7:59 pm
    Reply

    Works in Vivaldi too, cewl.
    Thank you.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.