Chrome Certificate Selection appears multiple times


Solution 1

Found it:

This question mentions the configuration I want, but it doesn't say how to use it. I found that this page here explains how to configure policies for Chrome/Chromium. Now, in the Chrome discussion forum (here), I found that in Linux both Chrome and Chromium use the same policy dir (/etc/opt/chrome/policies/managed). If you put a valid policy file there it will load it. So double check for validity. It has to be JSON formatted as the template exemplifies. Because of that, remember that its name ends with the .json extension. Now we can use the policy mentioned in the aforementioned question. Put this configuration in the policy file:

{
    "AutoSelectCertificateForUrls": ["{\"pattern\":\"*\",\"filter\":{\"ISSUER\":{\"CN\":\"<Your issuer CN>\"}}}"]
}

You obviously substitute <Your issuer CN> with the correct CN in your certificate.

Restart Chrome, and you're done. To check if the policy was correctly loaded by Chrome/Chromium you can use the following url: chrome://policy

Solution 2

This worked, after changing the filter to be more permissive as in the following:

{
    "AutoSelectCertificateForUrls": ["{\"pattern\":\"*\",\"filter\":{}}"]
}

Also to see policy try the following: chrome:policy
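
A check for the policy file described in Solutions 1 and 2, as an added example that is not part of the original answers: it verifies that the file is strict JSON with correctly double-encoded entries, and warns when a rule is as broad as `"pattern":"*"` with an empty filter, because such a rule lets Chrome answer any site's client-certificate request without prompting. The function names, the sample host name and the issuer CN are assumptions.

```python
import json

POLICY = "AutoSelectCertificateForUrls"

def lint_policy(text):
    """Return (level, message) findings for the text of one managed policy file."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", f"not strict JSON (line {exc.lineno}): {exc.msg}")]
    entries = doc.get(POLICY) if isinstance(doc, dict) else None
    if not isinstance(entries, list):
        return [("error", f"{POLICY} must be a list of strings")]
    findings = []
    for i, entry in enumerate(entries, 1):
        # In the Linux policy file each entry is a string that itself holds JSON.
        try:
            rule = json.loads(entry) if isinstance(entry, str) else None
        except json.JSONDecodeError as exc:
            findings.append(("error", f"entry {i}: inner JSON invalid: {exc.msg}"))
            continue
        if not isinstance(rule, dict):
            findings.append(("error", f"entry {i}: must be a string holding a JSON object"))
            continue
        pattern, flt = rule.get("pattern"), rule.get("filter")
        if not isinstance(pattern, str) or not isinstance(flt, dict):
            findings.append(("error", f"entry {i}: needs string 'pattern' and object 'filter'"))
            continue
        if pattern.strip() == "*" and not flt:
            findings.append(("warn", f"entry {i}: any certificate goes to any site that asks"))
        elif pattern.strip() == "*":
            findings.append(("warn", f"entry {i}: pattern '*' covers every site"))
        elif not flt:
            findings.append(("warn", f"entry {i}: empty filter matches every certificate"))
    return findings

def wrap(*rules):
    """Build policy-file text from rule dicts, encoding each rule as a JSON string."""
    return json.dumps({POLICY: [json.dumps(r) for r in rules]})

# Constructed samples; the host name and issuer CN are placeholders.
TRAILING_COMMA = '{"AutoSelectCertificateForUrls": [],}'
PERMISSIVE = wrap({"pattern": "*", "filter": {}})
ISSUER_ONLY = wrap({"pattern": "*", "filter": {"ISSUER": {"CN": "Example Issuing CA"}}})
NARROW = wrap({"pattern": "https://intranet.example",
               "filter": {"ISSUER": {"CN": "Example Issuing CA"}}})

if __name__ == "__main__":
    for name in ("TRAILING_COMMA", "PERMISSIVE", "ISSUER_ONLY", "NARROW"):
        print(name, lint_policy(globals()[name]) or "ok")
```

To lint a real file, pass its contents to `lint_policy`, for example the text of a file under /etc/opt/chrome/policies/managed.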

Solution 3

For anyone experiencing the same issue on Windows 7, the following steps work on Chrome 77.0.3865.105:

As per Chromium documentation, the configuration should be set in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls (create the key if it doesn't already exist). The patterns for certificate auto-selection are created as String values (REG_SZ) with names 1, 2, 3, etc... Note that JSON escaping is not required, so a valid configuration would be HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls\1 = {"pattern":"*","filter":{}}

Author: Nelson Teixeira

Updated on June 13, 2022

Comments

  • Nelson Teixeira
    Nelson Teixeira almost 2 years

    I have an SSL-enabled site on an intranet server. It has an official server certificate issued by a valid CA. Yet it's expired since last month. I access it using a USB A3 token. Since it's expired I have to create a security exception for it. If I use Firefox it all works fine.

    The problem is when I try to access it with Chrome. The first time I access it, it correctly prompts me for the token password, followed by the certificate selection dialog. But after that it keeps showing the certificate selection popup (not the token password) at every page I enter. Instead it should ask one time and cache the certificate selection for the other pages, just like Firefox does.

    The site uses Apache, PHP, Symfony and PostgreSQL. It has an Apache redirect rule to translate /domainname.com/site/app.php/ to /domainname.com/site/

    Does anyone know why this is?

  • some
    some about 6 years
    I was trying this on Raspberry Pi (Raspbian Release 2, 2017, chromium-browser, 60.0.3112.89-0ubuntu0.14.04.1.1005 armhf), but could not get it to work, until I copied the files from /etc/chromium-browser/ to /etc/chromium/. You can find out if the policies have been loaded if you go to chrome://policy
  • Nelson Teixeira
    Nelson Teixeira about 6 years
    Thanks for the contribution. If the question/answer was useful don't forget to upvote. :)
  • Nelson Teixeira
    Nelson Teixeira over 4 years
    @Woodz I understand your good intention in putting a Windows version of the solution. But as this is my answer and I'm not an expert in Windows, I can't validate it. Also you won't get any upvote credits for your part. So in your own interest, please create an answer with the info you wanted to include here, OK?
  • Woodz
    Woodz over 4 years
    Apologies for misunderstanding the purpose of editing answers @nelson-teixeira. I have created a separate answer at stackoverflow.com/a/58262467/323177.
  • Nelson Teixeira
    Nelson Teixeira over 4 years
    No problem @Woodz. As I said, it's in your own interest. Thanks for trying to help anyway :)
  • simond
    simond about 2 years
    Woodz and Nelson Teixeira, I have configured same way and also I can see in chrome:policy but with no value and status OK...so still it is asking to select certificate -Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls\1] = {"pattern":"*","filter":{"ISSUER":{"CN":"AC RAIZ FNMT-RCM"}}}