15

I'm implementing a mutual authentication for my client in order to solve not having to continually whitelist some of the agencies with a dynamic ip. The process works fine in all browsers that I've tried in the Windows environment (Windows 7).

The problem is that there is a popup for every time that the user goes to the site. On most browsers, this is a one time occurrence, when you first go to the site for the day. On Google Chrome, however, the popup occurs on what appears to be every POST/GET request. I found how to disable the popup for IE and FF with this link: http://docs.threerings.org.uk/wiki/Certificates_without_prompting, but there is still the problem with Chrome.

I've tried to install the certificate into the Trusted Root Certification Authorities, but I get an error message, "The import failed because the store was read-only, the store was full, or the store did not open correctly.".

If anyone has an idea on what I can do to get around the pop-up for Chrome, it would be greatly appreciated.

tshepang
  • 12,111
  • 21
  • 91
  • 136
CadmusPaladin
  • 318
  • 1
  • 2
  • 5
  • 1
    Did you happen to figure this out? Would you mind posting your solution? I'm having a similar issue. – Vinnie Jan 30 '13 at 14:47

2 Answers2

11

This is what you're looking for: http://www.chromium.org/administrators/policy-list-3#AutoSelectCertificateForUrls

I could tell you how to do it exactly, but my honest opinion is that this is something you have to work out yourself. You need to know what is going on because you are more than likely to run into bugs (not bugs per-se but some undesired or unwanted results).

I have to admit that Google Chrome and Chromium are great browsers, but when it comes to client certificates, they have a lot of improvements to be made.

Devon_C_Miller
  • 16,248
  • 3
  • 45
  • 71
zanbaldwin
  • 999
  • 8
  • 28
  • I tryed to put this in the policies as informed here: http://www.chromium.org/administrators/linux-quick-start but the policy won't load. – Nelson Teixeira Jan 08 '15 at 15:15
  • I have found how to correctly use this configuration. I explain it in detail here: http://stackoverflow.com/questions/27848786/chrome-certificate-selection-appears-multiple-times/27859775#27859775 – Nelson Teixeira Jan 09 '15 at 11:41
0

Just some extra info on this that may help people.

The first part references the CFBundleIdentifier which you can find in the Contents folder then info.plist. Click you Application and then show package contents then you should see it.

So I had to do this for Chromium for Tizen debugging below worked obviously use your CN name.

defaults write org.chromium.Chromium AutoSelectCertificateForUrls -array-add -string '{"pattern":"*","filter":{"ISSUER":{"CN":"Entrust Certification Authority"}}}'
user1503606
  • 3,872
  • 13
  • 44
  • 78