Chrome证书选择出现多次 [英] Chrome Certificate Selection appears multiple times
问题描述
我在Intranet服务器上启用了一个启用SSL的站点。它有一个由有效CA颁发的官方服务器证书。然而,它自上个月以来已过期。我使用USB A3令牌访问它。由于它已经过期,我为它创建了一个安全例外。如果我使用firefox,它一切正常。
问题是当我尝试使用Chrome访问它时。第一次访问时,它正确地提示我输入密码,然后输入证书选择对话框。但在此之后,它会在我输入的每个页面上持续显示认证选择弹出窗口(不是令牌密码)。相反,它应该问一次,并将证书选择缓存到其他页面,就像firefox一样。
该网站使用Apache,PHP,Symfony和PostgreSQL。它有一个apache重定向规则来将/domainname.com/site/app.php/翻译成/domainname.com/site/
任何人都知道这是为什么?
stackoverflow.com/questions/14267459/google-chrome-client-certificate-popup\">这个问题提到了我想要的配置。但它没有说明如何使用它。
我发现这个页面这里,解释了如何配置策略适用于Chrome / Chromium。现在,在Chrome讨论区(此处),我发现在Linux中,Chrome和Chromium都使用相同的策略目录(/ etc / opt / chrome / policies / managed)。如果你把一个有效的策略文件放在那里,它会加载它。所以仔细检查有效性。作为模板的例证,它必须是json格式。因此,请记住它的名字以.json扩展名结尾。
现在我们可以使用上述问题中提到的政策。将此配置放置在策略文件中:
{
AutoSelectCertificateForUrls:[{\pattern \ :\* \,\filter \:{\ISSUER \:{\CN \:\< Your issuer CN> \}} }],
}
明显替换< Your发行人CN> 在证书中使用正确的CN。
重新启动Chrome,就完成了。
要检查Chrome / Chromium加载的政策是否正确,您可以使用以下网址:chrome:// policy
I got a ssl enabled site in an intranet server. It has an official server certificate issued by a valid CA. Yet it's expired since last month. I access it using a USB A3 token. Since it's expired I have create a security exception for it. If I use firefox it all works fine.
The problem is when I try to access it with Chrome. First time I access, it correctly prompts me the token password followed by the certificate selection dialog. But after that it keeps showing the certification selection popup (not the token password) at every page I enter. Instead it should ask one time and cache the certificate selection to the other pages just like firefox does.
The site uses Apache, PHP, Symfony and PostgreSQL. It has an apache redirect rule to translate /domainname.com/site/app.php/ to /domainname.com/site/
Anyone knows why is this ?
Found it:
This question mentions the configuration I want. But it doesn't say how to use it. I found that this page here, explains how to configure policies for Chrome/Chromium. Now, in Chrome discussion forum (here), I found that in Linux both Chrome and Chromium use the same policy dir (/etc/opt/chrome/policies/managed). If you put a valid policy file there it will load it. So double check for validity. It got to be json formated as the template exemplifies. Because of that, remember that it's name ends with .json extension. Now we can use the policy mentioned in the aforementioned question. Put this configuration in the policy file:
{
"AutoSelectCertificateForUrls": ["{\"pattern\":\"*\",\"filter\":{\"ISSUER\":{\"CN\":\"<Your issuer CN>\"}}}"],
}
you obviously substitute <Your issuer CN> with the correct CN in your certificate.
Restart Chrome, and you're done. To check if the policy was correctly loaded by Chrome/Chromium you can use the following url: chrome://policy
这篇关于Chrome证书选择出现多次的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
