How to View SSL Certificate Details in Chrome 56
1 Star2 Stars3 Stars4 Stars5 Stars (13 votes, average: 4.69 out of 5)
Loading...

How to View SSL Certificate Details in Chrome 56

A quick guide on how to view SSL certificate details in Chrome 56.

Starting in Chrome 56, you will no longer be able to see details about a website’s SSL certificate by clicking on the padlock icon in the address bar.

This change is being made as part of Chrome’s campaign to simplify their security UI/UX and tailor it for a more mainstream audience that does not know what SSL certificates, Certificate Authorities, or key signature algorithms are.

For the power-users and developers who do want to see details about their HTTPS connection and the site’s SSL certificate, you will need to go to the Security tab in Developer Tools. Here’s how to do it:

Step 1. Open Developer Tools.

The quickest way there is with a keyboard shortcut:

OS Keyboard Shortcuts
Windows and Linux Ctrl + Shift + i F12
Mac ⌘ + Option + i

You can also get to Chrome’s Developer Tools by opening the Chrome menu (⋮), then going to More Tools -> Developer Tools.

Here’s a couple of quick screenshots to show you where to click.

how to view ssl certificate details in chrome 56

And just find Developer Tools on the dropdown menu…

How to View SSL Certificate Details in Chrome 56

Step 2. Select the Security Tab, which is second from the right with default settings.

How to View SSL Certificate Details in Chrome 56

Step 3. Select View Certificate. The certificate viewer you are used to will open up.

There you have it! That’s how you view SSL certificate details in Chrome 56. While it takes a few more clicks and button presses, it’s still the same information you are used to.

Once you have the Security tab open, you will find all the other information about HTTPS/SSL that has slowly been moving out of the Page Info menu. The main pane tells you about the site’s certificate, the HTTPS connection parameters, and the presence of mixed content.

There is also the option to see more detailed information about all the origins (hostnames) that you are connected to via that site. If you opened Developer Tools after visiting the page, just refresh the page and the left-hand pane will populate. Clicking on each origin will display that site’s information in the main pane.

You can also select the Main Origin from the pane to see more verbose information about the connection, including Certificate Transparency details.

24 comments
  • This change is bad… We ask clients who call our supportteam to check the certificate if they have doubts on the security of the website. I don’t think we can explain this new WoW…

  • Even I am getting annoyed by this change. Security is not the favorite subject of most people, so things that are meant to improve security (like the certification path) should not be stashed away in a location where the average user will never search

  • Incorrect assumption that security conscious end users don’t want to inspect certificates. More and more users are working with mandatory user certificates and understand what certificates are about now. It doesn’t hurt to enable the users to inspect a certificate if they understand, and it should be easily accessible. What users are going to check out “developer tools?” And what about the fact that users may often work with self-signed certificates within their organization’s intranet? They are taught how to use exceptions, and I’d only want them to add an exception after they have verified it.

  • I think google should google what “simplify” means. They implement things which make browser compleetely unusable one after each other… but this one is the hardest bullshit.

  • How do you export the actual certificate to add it to “manage certificates” so the site is accepted from then on?

  • This is sadly typical of Google in general and Chrome specifically these days. What a ridiculous, poorly thought-out change to make. I believe this is because the developers are an arrogant bunch of pricks who think they know better than everyone else and will ram changes like this through for NO GOOD reason and in the face of much protest and much evidence that their changes are bad ideas and poorly thought out. Mind you, Mozilla is not much better these days. I’ve switched to Brave and hopefully that team will take heed and listen to us. Chrome and FF are both bloatware these days and are frankly becoming unusable. The fact that I can no longer STOP A PAGE FROM CONTINUING to execute Javascript is mind-blowing. I’ll have audio from videos on pages in non-active tabs suddenly start to play. Seriously guys? In what universe is that considered desirable? Unfortunately, Google and Mozilla technical cultures are rooted in arrogance and exhibit a lack of serious, long-term experience and understanding of basic UX and UI tenets – I’m done arguing and will switch and advise everyone else to do so too. Here’s hoping that Brave won’t become corrupted too…

  • “simplify their security UI/UX”

    how stupid has one to be to make it deliberately difficult to access this kind of security info?
    and btw: how is this more _simple_??

  • I’ve been doing IT for many years and this is REALLY surprising and bad practice on Google’s behalf. Why would you make security any more difficult for the majority of people? When I saw this, my instincts shot through the roof with disbelief.

  • Thanks for the article. Good information!
    I also read through all the coments here and I cannot agree more with them alll..

    What in earth is google thinking ???

    I will personally go back to firefox for all my security related things again.

  • I don’t know who put their idiot nephew or niece in charge, but months later, I still curse their name regularly for making the security information I need so unavailable.

    I find these instructions and send them to folks frequently.

  • To show it in version 60+ you need to enable the option. Of course they put in an obvious place everyone should be poking around in these settings. I can’t wait to tell my end users to go in there. Let’s see how many options they can change before the browser no longer works.

    But really, it does add the ability to see the site cert from the security list when clicking on the padlock to the left of the URL.

  • Of course this is not a “bad design”. It should be a decision to hide things that might be annoying in the future. With the vast adoption of SSL, some trafic policing methods like web proxies, DLP systems, etc, simply can not work without Man in the middle attack. In a correctly setup intranet, the browser can be setup to draw a green lock even on intercepted channels. One should get into the hustle to compare SSL thumbnails in order to be sure about the site’s identity. And this information is accessible through the View certificates -now hidden- menu.

Leave a Reply

Your email address will not be published. Required fields are marked *

Captcha *

Author

Vincent Lynch

The SSL Store’s encryption expert makes even the most complex topics approachable and relatable.