Any way to temporarily allow insecure SSL on Safari in High Sierra

certificate, high sierra, safari

Apparently High Sierra has changed the way Safari handles untrusted SSL certificates.

In the past you could bypass an SSL warning and visit a site. But if you visited that site again in a new session, you'd get the warning again.

But now, asking Safari to allow you to visit a site with an untrusted certificate apparently requires that you add the untrusted certificate to the system trust store.

To me this is actually less secure. Here is just one scenario where there could be a problem: Suppose you're setting up a new server and, initially, it has a self-signed certificate. You know this is going to happen, but you have to get in to do some initial setup or testing. You bypass the SSL warning and go on your way. Now, later that day or the next day, you try to set up the server with a proper SSL certificate but somehow mess things up and your site is still serving its self-signed certificate. You visit the site in Safari and… everything looks good! No warning. So you're now confident that you set up your cert properly. But you haven't.

Yes, of course you can go into Keychain Access and manually remove the certificate, but that just seems to be not only many extra steps but also something easy to forget to do.

So my question is, is there a way to get Safari to temporarily, without adding anything to the system store, allow a connection to an untrusted SSL website, other than adding the certificate and then remembering to go manually remove it afterwards?

Best Answer

Although there is no longer a button, you can still call CertificateWarningController.visitInsecureWebsiteWithTemporaryBypass() in the Safari Web Developer console to bypass the warning and visit the insecure site.

  • If not enabled, go to Safari > Preferences > Advanced and select the "Show Develop menu in menu bar" option at the bottom.

  1. Develop > Show JavaScript Console.

  2. Paste CertificateWarningController.visitInsecureWebsiteWithTemporaryBypass() in the console.

  3. Press Enter to run the code and bypass the warning page without adding the untrusted certificate to your keychain.