Hack of the Week

Imagine daily pop-ups and prompts could be really annoying. On the top of that, this could also be a serious obstacle in web interface automation using pure Selenium approach.

So how to bypass this almost effortlessly ?

Enterprise certificate policies – tune your policies!

As enterprises adopt Chrome Browser and Chrome OS, they often require added controls and configurations to meet their productivity and security needs. It is a standard in centralized security management.

It can happen that there is a domain not included in the policy list. Domain has a prerequisite to use certificate but it is not available to be downloaded automatically from your SSL certificate issuer. Normally, access certificate is obtained automatically and user proceeds without noticing any activity.

This can become a pain in any browser when the certificate is not available or the prompt has pop-up while every access.

Imagine daily pop-ups and prompts could be really annoying. On the top of that, this could also be a serious obstacle in web interface automation using pure Selenium approach.

So how to bypass this almost effortlessly ?

First of all, you need to obtain a certificate from domain administrator. Secondly, installing it just by double clicking. Mind certificate information after installation. More on possible certificate parameters here:

https://chromeenterprise.google/policies/#RequiredClientCertificateForUser

It becomes a part of your operating system certificate list. After that you are able to configure your preference usage of the certificate and avoid any prompts from domain you are trying to visit.

According to Chromium documentation:

„The recommended way to configure policy on Windows is Group Policy Object (GPO), however on machines that are joined to an Active Directory domain, policy settings may also be stored in the registry under HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER in the following paths: Google Chrome: Software\Policies\Google\Chrome\ „

So now, just navigate using regedit.msi to folder Chrome location where the value is to be registered.

Add a new entry and in value specify your certificate precisely as possible. In my case it is the pattern below:

{„pattern“:“[*.]mycompany.com“,“filter“:{„ISSUER“:{„CN“:“MyCompanyCA“}}}

Voila, you should be able to access your domain without any disturbances.

Happy to use it!

Article by Štefan Mastiľák, Anton Hajdu & Dominik Mesaroš

Reference:

https://www.chromium.org/administrators/policy-templates

https://chromeenterprise.google/policies/#RequiredClientCertificateForUser