Skip to main content

Chrome certificate peculiarities

The following information applies specifically to importing and authenticating certificates in Google Chrome. While this information may be applicable to browsers that use the same Chromium engine (such as Microsoft Edge), FairCom currently only supports Google Chrome.

Certificate Authorities

Chrome on Windows, Linux , and macOS authenticates servers using the OS trust store which holds trusted Certificate Authority (CA) certificates. When Chrome connects to a server, that server sends its certificate to your browser. If that server certificate was not signed by any of the CA certificates from the OS trust store, Chrome will not trust the server.

FairCom's certificate import utility (importcert.py) can import CA certificates into the OS trust store for Windows, Linux, and macOS systems. This utility is located in the <FairCom installation>/tools/certman/ directory.

After importing a new CA certificate into the OS trust store, Chrome will need to be restarted before it will acknowledge it. If you encounter any problems getting Chrome to acknowledge a new CA certificate, type chrome://restart into the address bar to manually force all browser windows to restart even if they are running in the background. Since this will restart all Chrome windows, be certain you have saved all important data prior to doing this.

Client certificates

In Microsoft Windows and Apple macOS, Chrome can also use client certificates found in the OS trust store. When a server requests a client certificate, Chrome will ask the user to select a client certificate from the OS trust store in a prompt similar to this pop-up window:

select_a_certificate.png

In this image, only one client certificate exists in the OS trust store. That certificate was created for the "admin" user, as shown in the "Subject" column, and was signed by a CA certificate named "FairCom Private Certificate Authority".

Linux

Like macOS and Windows, Google Chrome in Linux can use the OS trust store, but Linux can also store its own certificates on the chrome://settings/certificates page. If you choose this option, CA certificates should be added under the Authorities tab by using the Import button on the right.

Linux.png

This image from Google Chrome in Linux shows a CA certificate that was created and imported to chrome://settings/certificates underneath one of the default certificates. The organization value in the certificate is set to "FairCom".

MacOS

Google Chrome in macOS uses the OS trust store similar to how Windows does. CA certificates are stored in the Keychain Access app under "System Roots"->"Certificates". Client certificates are stored under "System"->"My Certificates".