Google Chrome Client Certificate Popup - google-chrome

I'm implementing a mutual authentication for my client in order to solve not having to continually whitelist some of the agencies with a dynamic ip. The process works fine in all browsers that I've tried in the Windows environment (Windows 7).
The problem is that there is a popup for every time that the user goes to the site. On most browsers, this is a one time occurrence, when you first go to the site for the day. On Google Chrome, however, the popup occurs on what appears to be every POST/GET request. I found how to disable the popup for IE and FF with this link: http://docs.threerings.org.uk/wiki/Certificates_without_prompting, but there is still the problem with Chrome.
I've tried to install the certificate into the Trusted Root Certification Authorities, but I get an error message, "The import failed because the store was read-only, the store was full, or the store did not open correctly.".
If anyone has an idea on what I can do to get around the pop-up for Chrome, it would be greatly appreciated.

This is what you're looking for:
http://www.chromium.org/administrators/policy-list-3#AutoSelectCertificateForUrls
I could tell you how to do it exactly, but my honest opinion is that this is something you have to work out yourself. You need to know what is going on because you are more than likely to run into bugs (not bugs per-se but some undesired or unwanted results).
I have to admit that Google Chrome and Chromium are great browsers, but when it comes to client certificates, they have a lot of improvements to be made.

Just some extra info on this that may help people.
The first part references the CFBundleIdentifier which you can find in the Contents folder then info.plist. Click you Application and then show package contents then you should see it.
So I had to do this for Chromium for Tizen debugging below worked obviously use your CN name.
defaults write org.chromium.Chromium AutoSelectCertificateForUrls -array-add -string '{"pattern":"*","filter":{"ISSUER":{"CN":"Entrust Certification Authority"}}}'

Related

Force "Add to homescreen" prompt a second time on chrome

I am trying to build a PWA. I managed to trigger the prompt a first time and installed the app on my shell (desktop). I then deleted it and I would like to force the prompt to reappear (for debug purpose) but it won't.
I set my chome flag Bypass user engagement checks to enabled, but there's still nothing I can do to trigger the prompt.
When I click on the console setting Application>Manifest>Add to homescreen, nothing happens and I don't receive any error message either.
It's exactly the same code that worked the first time. I just want to trigger it again now that the desktop shortcut has been deleted.
Also struggled with this issue.
At last found that going to chrome://apps/ and removing the app will enable to re-add it
If the chrome://flags/#bypass-app-banner-engagement-checks flag is enabled and you are still not getting the banner, its high likely one of PWA criteria is not met anymore.
It might have worked before. But with the changing code, something might have went wrong with Service worker, accessing via HTTP instead of HTTPS or having an invalid certificate kind if issues might have made your app not eligible for App install banner.
Validate: Validate your current sites PWA eligibility using Chrome Developer tools -> Audits -> Perform Audit -> Progressive Web App. See if all goes through regarding PWA criteria and if you see all looks good and still you don't get the Install Banner, post the Audit screenshot to give us some idea on whats going on.
You can just also just set it in the Developer Tools under Application by checking on Update on reload or click on Unregister to completely remove the SW. Dirty, but does the trick all the time.

Chrome v45 and ShellinABox

We have a web application that runs within a VPN. It has a self signed cert on it and is accessed through the server's IP address.
Part of the functionality of this app are some legacy Java apps (that no longer run in Chrome). Our initial work around for our Chrome users was to run Shell In A Box within an iframe of the web app to run those. All was good until the latest version of Chrome, v45.
What we’re seeing is that appears to be blocking the iframed content (maybe because of the self-signed cert?). If we grab the ShellinABox URL and drop it in a new tab, it works as it used to in the iframe. If we go back to the iframe, it now works. If we close Chrome and open it back up, it still works.
I should also note that we tried the canary builds as well. It's up to v47.x and we still see the same behavior there. We were reading through some of the Chrome group/bug lists and saw some reports that were similar but the "fixes" supposedly going through canary still didn't resolve it.
So, it appears that an exception is being logged somewhere. Does anyone have an explanation for this behavior and is there a way to set this exception without jumping through those hoops?
It turned out it was due to a permissions issue with ShellInABox that didn't reveal itself until v45 of Chrome, for some odd reason.

500 Internal Server Error just on Google Chrome when logging into PayPal

Whenever I try to visit log in to PayPal on Google Chrome (my current version is 35.0.1916.114 which is the most up to date at the time of writing this), I get a 500 Internal Server Error. Here's the exact one:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster#paypal.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
I'm able to visit the homepage fine and I can log in on all other browsers but this has been an issue for some time now (I just haven't gotten around to looking into it). At the moment, I open Firefox just to use PayPal but I used Chrome for everything else so I'm trying to solve it.
Any ideas on why this would be happening? I've seen other questions on the web similar but they are mainly due to people 'buying' through PayPal which isn't a problem for me. I can purchase items on the 'purchase' screens that you get redirected to from a site.
Thanks for your help!
I see this from time to time on a couple of very specific web sites (e.g., Slashdot). All other sites works fine when this happens (and the site works fine in other browsers, including Web Kit based ones). The embarrassingly simple solution is to restart the browser (I try to avoid it since I often have 50+ tabs open). If guess the problem might be session cookies (that would explain why a restart works). As a consequence of this guess, clearing all permanent cookies for PayPal and related sites might be worth considering.
For me, I do like this at the 500 error page
Click on the Secure to the left side of the address bar
Select Site settings
Select Reset site settings at the bottom of the page
Reload the page
in some cases but not all. There appears to be a corrupt session via the cookie or data stored for a specific browser in the java files. Try the following;
1. Download CCleaner (close chrome)
Remove and clean registry files
Remove tmp and cached for CHROME as well as cookies
Clear index.dat file
4. Control Panel / Java-open / clear internet java cached files
5. Make sure you're not using a proxy IP for the web
6. Restart computer
7. Try again
Now that Google separated cookies from permissions I had to delete my cookies separately to get it to work.
Click on the Secure to the left side of the address bar
Select Cookies
Select the wordpress cookies and Remove each one
Reload page

chrome.identity do not work without "key" in manifest

I try to make correct authorization in Chrome App. I followed official tutorial, but I was not able to sign in - every try ended with redirection to settings page and communicate that
Account sign-in details are out of date. Sign in again
After signing in, I got redirection once again to setting page, and after a moment, the same situation happened.
I saw in chrome://identity-internals that token expiration date is set on 0 of Unix time, so it seems error.
I decided to try samples from Google Chrome Github. I installed the GDrive one and it worked fine - till the moment I deleted key from manifest, I found in documentation that this is kind of extension id. Without it, situation is identical to this with my own app. This happens in all samples with chrome.identity - without key, they are unusable, with key works fine.
Had anyone ever similar problem? Maybe this is connected to some kind of additional Origin in Cloud Console? I am not able to find any information about it. I use key from Web Application App, cause when I try to register Chrome Extension I always receive
Invalid appId for type CHROME_EXTENSION:
but in documentation of Chrome Apps is written that I should Web Aplication Keys.
Would be great if anyone could help. I use latest Dev Channel normal Chrome and Canary, same problem on both of them.
Right, the key needs to be there for the API to work. See http://developer.chrome.com/apps/app_identity.html for all the details.

Can Google Chrome be used on a local dev server with an invalid SSL cert?

Our application runs within a frameset that uses one visible frame to show content and two others to handle communication with the server. I did not design this and have no power to change it now.
The problem is that my local machine does not have a valid SSL certificate (it's self-signed), so accessing it and trying to login pops an 'invalid certificate' error. In IE and FF I am able to simply click a button to continue. However, I just started trying to test with Chrome and it seems to stop me dead with:
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.
There is no option to continue. There also doesn't appear to be anything in the options menu to add localhost as a trusted site, though I may have missed something. Does anyone know a way around this? Disabling SSL locally won't be very easy and risks me forgetting to enable it for deployment. Any other thoughts?
Thanks.
What I would recommend is to add the self-signed certificate to Chrome manually rather than trying to make localhost a trusted site. It looks like there are a couple ways to accomplish this. Here is one forum thread that discusses the issue, but I think it boils down to:
If you are on Windows, install the certificate in IE. The linked thread explains this process in more detail, but it looks like you go to the site in IE, click "Continue" or similar, then right-click the certificate error button to the right of the URL bar and follow the prompts. (If that doesn't work, here's a question that I believe addresses the issue.)
More recent versions of Chrome appear to allow certificate import directly. On version "15.0.874.121 m" for Windows, I can click the tool menu, go to Options, then Under the Hood, then the Manage Certificates button. I believe you then click the "Import..." button, though I do not recall whether you need to be on the Personal tab or one of the others. You will need to have the certificate in a file format that Chrome supports (p12 is one, there are others). There is a help link in the appropriate place that specifies the accepted formats.
I recommend Safari for this purpose. Sign a cert with StartCom, and enroll the cert in the browser.