Comment #117 on issue 318 by marcelo.dacruz: Client SSL Certificate Support
http://code.google.com/p/chromium/issues/detail?id=318
wtc: There is a catch --> I'm not sure whether PIP is identifying the
browsers and disabling the functionality if you don't have one of the
supported browsers. The
problem is that once you generate a certificate for one of your browsers
(let say, Firefox), you won't be able to login to your account with Chrome
(or at least, you'll
have to go fetch a one-time-password sent to your e-mail, which is not
really user-friendly)
Follow the next steps to create an account and generate the certificate(s):
1) Go to the link and create an account
2) Once in your home page (usually after login), select "My Account"
3) Scroll down and you'll see three options for providing strong
authentication
a. VIP credential (it's actually a OTP token, or softid)
b. Browser certificate (--> this is what you want to get <--)
c. Information card (I guess this is for using with "Windows Cardspace")
4) Select the "Browser Certificate" option
--> This will start the certificate request and finally install the
certificate in your computer
--> If you are using Firefox, it will use the browser's internal PKCS
#11 keystore
--> If you are using IE, it will use Window's keystore (you can see the
certificates if you create a management console and attach the certificate
snap-in)
--> If you are using Chrome, it fails to generate the certificate
Keep in mind that once you generate a browser certificate, let's say for
Firefox, the PIP portal won't let you login with a different browser (since
those two browsers
do not share the same keystore): In order to enroll new browsers PIP will
send you a one-time-password to the e-mail you used to register the
account, then you can login
with the new browser and "enroll" it --> so now you can login using
certificates from those two browsers.
[updated] PIP won't even let me generate a certificate for Chrome, since
it's not listed in their "browsers that support certificates" list (so the
functionality is
disabled for Chrome... you might want to try to fake the "User-Agent"
header to make Chrome look like Firefox/IE and avoid this check). I've
tried generating an IE's
certificate, hoping that Chrome would use the Windows' keystore to retrieve
it later, but that doesn't work either.
btw, is there an easy way to change the User-Agent header in Chrome --> I
can probably help you guys testing this stuff.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
