Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

linux - Chrome Certificate Selection appears multiple times

I got a ssl enabled site in an intranet server. It has an official server certificate issued by a valid CA. Yet it's expired since last month. I access it using a USB A3 token. Since it's expired I have create a security exception for it. If I use firefox it all works fine.

The problem is when I try to access it with Chrome. First time I access, it correctly prompts me the token password followed by the certificate selection dialog. But after that it keeps showing the certification selection popup (not the token password) at every page I enter. Instead it should ask one time and cache the certificate selection to the other pages just like firefox does.

The site uses Apache, PHP, Symfony and PostgreSQL. It has an apache redirect rule to translate /domainname.com/site/app.php/ to /domainname.com/site/

Anyone knows why is this ?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Found it:

This question mentions the configuration I want. But it doesn't say how to use it. I found that this page here, explains how to configure policies for Chrome/Chromium. Now, in Chrome discussion forum (here), I found that in Linux both Chrome and Chromium use the same policy dir (/etc/opt/chrome/policies/managed). If you put a valid policy file there it will load it. So double check for validity. It got to be json formated as the template exemplifies. Because of that, remember that it's name ends with .json extension. Now we can use the policy mentioned in the aforementioned question. Put this configuration in the policy file:

{
    "AutoSelectCertificateForUrls": ["{"pattern":"*","filter":{"ISSUER":{"CN":"<Your issuer CN>"}}}"],
}

you obviously substitute <Your issuer CN> with the correct CN in your certificate.

Restart Chrome, and you're done. To check if the policy was correctly loaded by Chrome/Chromium you can use the following url: chrome://policy


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...