Knowledge Base

Support Policies

Chrome users unable to enroll for certificates (4-Please contact admin)

SecureAuth IdP Version affected: not version specific

 

Description:

Chrome users receive the following message when trying to enroll for a certificate using the SecureAuth enrollment realm

Cause:

In SecureAuth IdP, <keygen> is used to deliver X.509 v3 digital certificates to users. Starting with Chrome 49, Key Generation element <keygen> has been deprecated from the software. This means that users with Chrome 49 or greater will be unable to enroll for certificates on SecureAuth IdP realms configured to use keygen.

Note - this only applies to users with Chrome version 49 and above.


Resolution:

There are 3 workarounds for the issue this time:
1) Use Internet Explorer (Windows) or Safari (OS X) to enroll for certificates

2) Configure a realm to use PFX as an alternative delivery method for Chrome. This process will involve enrolling and downloading the certificate, then the user will need to install the certificate on their machine through a short installation process.

For more information on the PFX realm, please see the following documentation:
Standard/Basic PFX Realm Configuration for 8.x Appliance

3) in Chrome, go to Settings - chrome://settings/
 - Show Advanced Settings
 - Under Privacy > Content Settings > select "Key generation"
 - Under Key Generation, click Manage exceptions...
 - enter the Hostname pattern, such as [*.]example.com
 - Set Behavior = Allow
click Done

Once you go through your certificate enrollment realm, the certificate will be downloaded and appear in the download bar of the browser
 - Click the certificate to open it
 - From the certificate window, click "Install Certificate" to launch the Wizard
 - Click "Next"
 - Select "Automatically select the certificate store..."
 - Click "Finish"

A pop-up window will appear indicating the install was successful

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.