12

I have a client SSL certificate for authentication. I'm trying to map it to a URL in Chrome on OSX, however the Chromium documentation is of no use.

I have no idea what file to put the AutoSelectCertificateForUrls preference in. My guess is it will be some file in ~/Library/Application Support/Google/Chrome/Default, based on this.

Best I can do is find some random files with .json extensions via find. They're all extensions and have bizarre paths, e.g.

Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia/7_1/_locales/nl/messages.json

Can someone tell me what file to put the AutoSelectCertificateForUrls setting in?

Improve this question

2 Answers 2

Reset to default
7
+50

The preference goes in the com.google.Chrome.manifest file.

  1. Open the manifest folder with the following Terminal command.

    open /Applications/Google\ Chrome.app/Contents/Resources/com.google.Chrome.manifest/Contents/Resources/

    This presumes Google Chrome is in /Applications; adjust if necessary. Make sure to copy the entire line.

  2. Open com.google.Chrome.manifest. I will use TextMate.

  3. The AutoSelectCertificateForUrls preference goes on line 174.

    Alternatively, use ⌘F to search for AutoSelectCertificateForUrls then select the pfm_targets array.

  4. Replace user-managed with your preference string, per the example in the link you gave.

    {\"pattern\":\"https://www.example.com\",\"filter\":{\"ISSUER\":{\"CN\":\"certificate issuer name\"}}}

Alternatively, you can use Workgroup Manager to set the preference.

  1. Download and open Workgroup Manager.

  2. Connect to localhost with an admin account.

  3. Choose the User tab, and enter your username, then select your account.

  4. Select Preferences in the toolbar, and choose the Details tab.

  5. Add Google Chrome or Chromium to the list by clicking the + button and selecting the application bundle.

  6. Double-click the application that you want to add the preference to, or click it and click the pencil button.

  7. Click Always, then choose New Key.

  8. Click New Item, and select Automatically select client certificates for these sites.

  9. Click New Key.

  10. Double-click the Value for 0.

  11. Enter your desired preference string into the box and press enter.

  12. Click Apply Now, then Done.

  13. A managed icon should appear next to the app that you added the preference to.

Improve this answer
12
  • I have a feeling you're right, but I've put the line in place and Chrome still prompts me. I've even restarted Chrome several times. For the value of CN, I'm using the Common Name in the Issuer Name section of the certificate details in Keychain Access. It's the same thing that shows next to Issued By at the top of that window. I'm using the straight URL for the pattern, no regex or wildcards. Any ideas why it isn't working?
    – quickshiftin
    Commented Nov 12, 2013 at 23:48
  • @quickshiftin Once you've saved the preference, go to chrome://policy and click Reload Policies. The preference should show in the list of policies if this was successful.
    – grg
    Commented Nov 13, 2013 at 7:21
  • Cool, it's showing the value for AutoSelectCertificateURL as not set. Maybe I'm editing the wrong file? I checked and Chrome is definitely installed under the Applications folder. I tried changing another policy, AutoFillEnabled and after refreshing the policies, it too appears to be not set.
    – quickshiftin
    Commented Nov 13, 2013 at 16:42
  • @quickshiftin I've added an alternative method through Workgroup Manager :)
    – grg
    Commented Nov 13, 2013 at 18:30
  • 1
    A colleague has confirmed method 2 (Workgroup Manager) works. Not sure, but I think there's something wrong with my install, which is why I wasn't able to confirm on my laptop.
    – quickshiftin
    Commented Nov 21, 2013 at 22:51
10

On Yosemite, that Workgroup Manager app doesn't work, neither did modifying the plist.

This worked for me, in a terminal:

defaults write com.google.Chrome AutoSelectCertificateForUrls -array

defaults write com.google.Chrome AutoSelectCertificateForUrls -array-add -string '{"pattern":"https://[*.]my.domain:8090","filter":{"ISSUER":{"CN":"example.com"}}}'
Improve this answer
1
  • Awesome, works fine on OS 10.8.5 as well. Confirm via defaults read com.google.Chrome.
    – Jose Alban
    Commented Sep 1, 2015 at 11:23

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .