

I have an nginx installation and a self-signed CA against which I want my users to authenticate with client certificates signed by this CA. Things work perfectly in Linux with both Firefox and Chrome. So I know it is not a misconfiguration of the server, the system clock or the certificates themselves. I import the certificates by running certmgr.msc. I store the client certificate in the "Personal" store and the CA's certificate in "Trusted Root Certification Authorities". I then restart Chrome via chrome://restart and have even restarted Windows to no avail.

After I get the (expected) warning about the server certificate authenticity not being verified, in Linux and on Firefox in Windows I am given the option to "Proceed anyway". On Windows Chrome and IE I am given no such option. Why has Chrome taken away the option to proceed anyway on Windows but the option still exists on other OSs? Is there any way around this problem that I am unaware of?

After importing the certificates in the user's keychain I am presented with the same warning and the option to "Proceed anyway". I do not know if this is a Chrome issue or if it is some security restriction that Windows enforces but I find it extremely impractical and annoying.

If anyone has the same problem, here is the solution and it should work on Windows 7, 8 and 10.

Create a Windows management console file.

In the console window: File -> Add/Remove Snap-in.

Choose Certificates snap-in and choose to manage certificates for My user account in the next window.

Back in the Add or Remove Snap-ins dialog, choose Group Policy Object Editor and Add it to the Console Root. Leave Group Policy Object set to LocalComputer in the next dialog and click Finish.

Click OK to leave the Add or Remove Snap-ins dialog.

At this point you should be looking at a Console window like this:

Expand the Certificates snap-in and click on Personal. Then right-click on the middle pane and choose All Tasks -> Import. The Certificate Import Wizard will appear. Just import your user's certificate without changing any of the default settings.

Expand the Trusted Root Certification Authorities and click on Certificates. Again, click on the middle pane and choose All Tasks -> Import. Import your CA's certificate without changing any of the default settings.

Back to the Console Root, navigate under Local Computer Policy snap-in to Computer Configuration -> Windows Settings -> Security Settings -> Public Key Policies. You should see a window like this:

Double click on Certificate Path Validation Settings.

Check Define these policy settings and select the settings as in the picture below. Then, click on Select Certificate Purposes and make sure your intended purposes are included (Client Authentication and Server Authentication were the ones I needed).
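The two certificate imports from the procedure on this page, followed by a check that the client certificate is usable for Client Authentication and chains to the imported CA. This is an added PowerShell example, not part of the original post. The file paths are placeholders, the helper names `Get-EkuOids` and `Test-ClientCert` are hypothetical, and the Certificate Path Validation Settings policy step is not scripted here.

```powershell
# Added example: the paths below are placeholders, not values from the post.
$ClientPfx = 'C:\certs\client.pfx'   # hypothetical: client certificate with its private key
$CaCert    = 'C:\certs\ca.crt'       # hypothetical: the self-signed CA certificate
$ClientAuthOid = '1.3.6.1.5.5.7.3.2' # EKU OID for Client Authentication

# Same stores the Certificates snap-in shows for "My user account".
# Adding a root to the CurrentUser\Root store asks for confirmation in a dialog.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$client = Import-PfxCertificate -FilePath $ClientPfx -CertStoreLocation Cert:\CurrentUser\My -Password $pfxPassword
$ca     = Import-Certificate -FilePath $CaCert -CertStoreLocation Cert:\CurrentUser\Root

function Get-EkuOids {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Collect the OIDs listed in the Enhanced Key Usage extension, if there is one.
    $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }
}

function Test-ClientCert {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$RootThumbprint
    )
    $ekus  = @(Get-EkuOids -Cert $Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: the private CA publishes no CRL, so revocation is skipped
    # and the result reflects trust and validity only.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $built = $chain.Build($Cert)
    $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Subject       = $Cert.Subject
        HasPrivateKey = $Cert.HasPrivateKey
        # A certificate with no EKU extension is not restricted to any purpose.
        ClientAuthOk  = ($ekus.Count -eq 0) -or ($ekus -contains $ClientAuthOid)
        ChainBuilds   = $built
        EndsAtOurCA   = ($root.Thumbprint -eq $RootThumbprint)
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Test-ClientCert -Cert $client -RootThumbprint $ca.Thumbprint | Format-List
```

If `ChainBuilds` is false, the `ChainStatus` field names the reason, such as an untrusted root or an expired certificate.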
