Skip to Content

Avoid Certification Selection Popup in Google Chrome

when connecting with Google Chrome to a website which uses a certificate for identification you always get the certificate selection popup:

ChromeCert.jpg

In Microsoft’s Internet Explorer you are able to automatically suppress this popup via Internet Explorer Settings.

In Google Chrome you can also suppress the certificate selection popup. Unfortunately, the procedure is not that easy and comfortable as it is in IE.

In short words: this settings can be configured for Google Chrome as a Group Policy within Windows administration.

The advantage: this allows you to define this kind of settings for your complete company using domain policies.

The bad thing: if this settings is not defined as a domain policy you have to define it locally, which needs administrative access to the Windows registry. Furthermore there is no way to use this feature on non-professional Windows editions, because not only gpedit.msc is missing but also the complete GroupPolicy API is dead or pointing into NOP-functions.

In order to simplify this setting on your workstation I have written a powershell module, which is attached to this blog.

The script is provided as is – no warranty, no support.

If you have questions, please use the Windows forum.

How to work with the script?

  1. Download the attached text file and rename it to the file extension .psm1 .
  2. Start a powershell with elevation (Right Click on Start – All Programs – Accessories – Windows Powershell – Windows Powershell –> Run as Administrator
  3. Run following command to load the module and get help about the provided functions
    
    Import-Module <CompletePathTo>\ChromeTools.psm1
    Get-Command -module chrometools
    # getting help on a single function
    Get-Help Add-ChromeAutoselectCert -full
    
    
    
    
    
    
  4. Now you can add the SAP websites on a very easy way:
    
    Add-ChromeAutoselectCert -wildcard
    
    
    
    
    
    

If you prefer not to work using wildcard urls you can use the -detailed instead of -wildcard

You can also use the tool to add a different website (for example from your intranet) using an different CN.

Example:
To avoid the popup shown above you just run the command


Add-ChromeAutoselectCert -url "https://websmp103.sap-ag.de" -CN "SAP Passport CA"





Example:

To use autoselected certificates on all servers in sap-ag.de with a CA show in the Certification Selection Popup (example see screenshot):


Add-ChromeAutoselectCert -url "[*.]sap-ag.de" -CN "a different CA - see Screenshot above"

By the way: Windows Powershell does support auto-expansion on commands and parameter names by pressing the TAB key.

Try to type Add-Chr<tab> -<tab> 😉

Have fun with it!

References:

Group Policy Concept for Chrome

AutoSelectCertifcateForUrls Documentation

Group Policy Templates for ChromiumAAdd-

/
ChromeCert.jpg
21 Comments
You must be Logged on to comment or reply to a post.