Issue 268055 in chromium: "No Certificates Found"

[chro...@googlecode.com]

Status: Unconfirmed
Owner: ----
Labels: OS-Android Pri-2

New issue 268055 by j...@google.com: "No Certificates Found"
http://code.google.com/p/chromium/issues/detail?id=268055

Device name: Galaxy Nexus phone

From "Settings > About Chrome"
Application version: 28.0.1500.94
OS: Android 4.3


Behavior in Android Browser (if applicable):

Since the last Android update (or maybe Chrome update) on my phone, I get
this message, over and over: "No Certificates Found. The app Chrome has
requested a certificate. Choosing a certificate will let the app use this
identity with servers now and in the future. The app has identified the
requesting server as (...), but you should only give the app access to the
certificate if you trust the app. You can install certificates from a
PKCS#12 file with a .pfx or a .p12 extension located in external storage."

At that point, my choices are Install or Cancel. If I hit Install, it
says "No certificate found in USB storage" and we start over again. So I
hit Cancel, and we start over again. It takes four or five Cancels before
it stops.


Steps to reproduce:
1. Visit a corporate site. I am signed in with my corporate account.

Expected result: Get to the site


Actual result: Get this dialogue box




--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

[chro...@googlecode.com]

Updates:
Labels: Needs-Feedback

Comment #1 on issue 268055 by ma...@chromium.org: "No Certificates Found"
http://code.google.com/p/chromium/issues/detail?id=268055

Sounds like issue 240733. Can you try Chrome Beta
(https://play.google.com/store/apps/details?id=com.chrome.beta&hl=en) and
see if it is fixed?

[chro...@googlecode.com]

Comment #4 on issue 268055 by mrpatr...@gmail.com: "No Certificates Found"
http://code.google.com/p/chromium/issues/detail?id=268055

getting the same issue

[chro...@googlecode.com]

Comment #8 on issue 268055 by t...@bettisnet.net: "No Certificates Found"
http://code.google.com/p/chromium/issues/detail?id=268055

Just to note on my earlier comment, we have 4000+ android devices so this
is really frustrating for our users. Our iOS users aren't having any
issues.

[chro...@googlecode.com]

Comment #9 on issue 268055 by a...@google.com: "No Certificates Found"
http://code.google.com/p/chromium/issues/detail?id=268055

I'm running Chrome 29.0.1547.72 on a Galaxy Nexus and I continue to see
this problem.

[chro...@googlecode.com]

Comment #10 on issue 268055 by t...@bettisnet.net: "No Certificates Found"
http://code.google.com/p/chromium/issues/detail?id=268055

This issue appears to be related to the server requesting an X.509
certificate.

[chro...@googlecode.com]

Comment #11 on issue 268055 by t...@bettisnet.net: "No Certificates Found"

http://code.google.com/p/chromium/issues/detail?id=268055

This issue appears to be related to the server requesting an X.509

certificate. When we set WantClientAuth=false on our Ping federation
server the problem goes away. Unfortunately, we have other applications
that depend on X.509 certificates.

[chro...@googlecode.com]

Comment #13 on issue 268055 by lau...@dittany.com: "No Certificates Found"
http://code.google.com/p/chromium/issues/detail?id=268055

Just began seeing this on my Note 3 after an update of Chrome beta.

[chro...@googlecode.com]

Comment #15 on issue 268055 by john.hos...@gmail.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

I'm running Chrome 37.0.2062.117 on Android 4.3 (I747UCUEMJB) and am
getting the same issue when browsing to https://control.akamai.com/

[chro...@googlecode.com]

Comment #16 on issue 268055 by libove....@gmail.com: "No Certificates Found"
https://code.google.com/p/chromium/issues/detail?id=268055

Same issue here - Chrome 38.0.2125.102 on Android 4.4.4 (CyanogenMod 11
nightlies on a Samsung Galaxy Tab 2), clicking through a Microsoft Hosted
Exchange (Office365) spam quarantine link to 'Report as Not Spam'
or 'Release to Inbox', the O365 quarantine web server requests a
certificate, and I have to click 'cancel' in Chrome on Android.
This does not happen with desktop Chrome.

[chro...@googlecode.com]

Comment #17 on issue 268055 by dewgr...@gmail.com: "No Certificates Found"
https://code.google.com/p/chromium/issues/detail?id=268055

Same problem for me too

[chro...@googlecode.com]

Comment #18 on issue 268055 by dewgr...@gmail.com: "No Certificates Found"
https://code.google.com/p/chromium/issues/detail?id=268055

I can fix the issue if you have access to IIS. Basically you need to go to
SSL Settings and make sure Require SSL is unchecked and that "Ignore" is
selected for Client Certificates.

[chro...@googlecode.com]

Comment #19 on issue 268055 by jim.de...@gmail.com: "No Certificates Found"
https://code.google.com/p/chromium/issues/detail?id=268055

I found this error while authenticating to a guest network at a national
lab. I solved the problem by pre-emptively entering the Android browser
(rather than Chrome) and going through the authentication process in that
browser. Subsequently, Chrome works fine on that network.

[chro...@googlecode.com]

Comment #21 on issue 268055 by cinn...@gmail.com: "No Certificates Found"
https://code.google.com/p/chromium/issues/detail?id=268055

I am facing this same issue, Please help me how to fix this issue?
This app (Chrome) has requested a certificate. Selecting a certificate will
allow the app to use this identify with servers now and in the future. the
application has identified the requesting server as '' but you should only
grant the application access to the certificate if you trust the
application.

You can install certificates from a PKCS#12 file with a .pfx or a .p12
extension

[chro...@googlecode.com]

Comment #22 on issue 268055 by SteveLau...@gmail.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

While implementing SSO with X.509 certificates, we have run into this same
issue. The prompt to install a certificate only comes up on the Chrome
browser from Android phones.

Please change Chrome on Android to behave like all other browser and not
prompt to install a certificate.

[chro...@googlecode.com]

Comment #24 on issue 268055 by shannon....@gmail.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

Ditto - Chrome on Android only in my case. Did not have this problem with
my N4. Have it often on my new Axon.

Google Chrome 45.0.2454.84 (Official Build) (64-bit)
Revision
f35ee3c741eb8a18b24c8406e4fe213bfd1a6eb8-refs/branch-heads/2454@{#437}
OS Android 5.1.1; A1P Build/LMY47V
Blink 537.36 (@201276)
JavaScript V8 4.5.103.28
User Agent Mozilla/5.0 (Linux; Android 5.1.1; A1P Build/LMY47V)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile
Safari/537.36
Command Line --use-mobile-user-agent --top-controls-show-threshold=0.5
--top-controls-hide-threshold=0.5 --enable-high-end-ui-undo
--use-mobile-user-agent --enable-begin-frame-scheduling --enable-pinch
--enable-overlay-fullscreen-video --enable-overlay-scrollbar
--validate-input-event-stream --disable-gpu-process-crash-limit
--enable-viewport-meta --main-frame-resizes-are-orientation-changes
--disable-composited-antialiasing --ui-prioritize-in-gpu-process
--enable-delegated-renderer --profiler-timing=0
--prerender-from-omnibox=enabled --enable-dom-distiller
--flag-switches-begin --flag-switches-end --enable-instant-extended-api
--top-controls-show-threshold=0.5 --top-controls-hide-threshold=0.5
Executable Path No such file or directory
Profile Path /data/data/com.android.chrome/app_chrome/Default
Variations 47f591a-3f4a17df
2aa1a5f2-3f4a17df
6345b824-3d47f4f4
e950616e-80d559bc
236d5d9e-fecfffa1
6cd5f6bc-f23d1dea
72be4de-3f4a17df
be58198d-3d47f4f4
47e5d3db-3d47f4f4
77207729-3d47f4f4
2a33b90e-3d47f4f4
e9f4800b-39c30599
19f73432-ca7d8d80
9d315c2-ca7d8d80
9577ea1a-55ca479c
34262f5b-ca7d8d80
93731dca-3f4a17df
9e5c75f1-dc6f1dc2
f79cb77b-3d47f4f4
4ea303a6-ecbb250e
826d6cab-ca7d8d80
5c3cc7b1-ca7d8d80
b2612322-f8cf70e2
2ce2968c-57e3669a
c99b9cf4-3f4a17df
244ca1ac-4ad60575
3ac60855-486e2a9c
f296190c-eaceac83
4442aae2-e1cc0f14
ed1d377-e1cc0f14
75f0f0a0-e1cc0f14
e2b18481-d7f6b13c
e7e71889-4ad60575
Build ID e1c30f38-3663-43ef-9a11-16603000ae1f

[chro...@googlecode.com]

Updates:
Cc: klo...@chromium.org

Comment #25 on issue 268055 by kamak...@google.com: "No Certificates Found"
https://code.google.com/p/chromium/issues/detail?id=268055

(No comment was entered for this change.)

[chro...@googlecode.com]

Updates:
Cc: sle...@google.com

Comment #26 on issue 268055 by klo...@chromium.org: "No Certificates Found"

[chro...@googlecode.com]

Updates:
Status: Assigned
Owner: sle...@google.com
Labels: M-46

Comment #27 on issue 268055 by kamak...@google.com: "No Certificates Found"
https://code.google.com/p/chromium/issues/detail?id=268055

The bug is reproducible on latest builds still. Assigning to sleevi@ after
talking to him to review the issue.

[chro...@googlecode.com]

Comment #29 on issue 268055 by f...@flywithcupid.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

No other browser has this issue. If a site is https, it will request a
client certificate for secure purposes.

This is normal browser behavior.

How can someone working at Google not know this?

[chro...@googlecode.com]

Updates:
Status: ExternalDependency
Owner: rsl...@chromium.org
Labels: -Needs-Feedback -Needs-Feedback -Hotlist-Recharge

Comment #37 on issue 268055 by davi...@chromium.org: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

Switching to Ryan's chromium.org address, but I'm pretty sure this is just
ExternalDependency if not outright WontFix.

[chro...@googlecode.com]

Updates:
Labels: -M-46

Comment #38 on issue 268055 by davi...@chromium.org: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

(No comment was entered for this change.)

[chro...@googlecode.com]

Comment #39 on issue 268055 by dhiraj.h...@gmail.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

Hi,

We are also facing the same issue while accessing our https Website from
Android devices through Chrome. same is working fine with other browser
like Firefox/Safari etc.

Looks like it's a generic issue. Kindly suggest how can we resolve it.

Dhiraj

[chro...@googlecode.com]

Comment #40 on issue 268055 by davi...@chromium.org: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

dhiraj.haritwal: As with comment #35, the issue is that optional client
certificate authentication does not work. Due to Android's security model,
the failure modes are particularly bad for Chrome on Android, but this
deployment strategy is not viable in general.

If you don't know what I mean by "optional client certificate
authentication", your site is probably misconfigured to request client
certificates when you don't need it to. The fix is then straightforward but
depends on what server software you're running. Consult the documentation
on how to configure SSL for it.

[chro...@googlecode.com]

Comment #41 on issue 268055 by f...@flywithcupid.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

I fixed this by telling server not to request client cert on nginx. Which
web server are you using ? It more then likely can be disabled.

[chro...@googlecode.com]

Comment #42 on issue 268055 by dhiraj.h...@gmail.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

Hi,

I am using IIS 7.5 along with "Ignore Client Certificate" setting for SSL.
My site is not requesting client certificate. How can i fix it.


Dhiraj

[chro...@googlecode.com]

Comment #44 on issue 268055 by dhiraj.h...@gmail.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

Hi,

I had a case with Microsoft Professional Support for this issue. They have
checked & verified that, first of all nothing wrong with IIS Config,
secondly this issue is only with Chrome browser whereas same IIS Hosted
site is working without any issue in other browser like Safari/Firefox.

Also as i mentioned in my earlier post, already have ignore client
certificate option selected on IIS.

you can check for below website.

email me your mail ID to send you URL.

[chro...@googlecode.com]

Updates:
Cc: -sle...@google.com
Labels: Needs-Feedback

Comment #45 on issue 268055 by rsl...@chromium.org: "No Certificates Found"
https://code.google.com/p/chromium/issues/detail?id=268055

Note: This bug has grown a number of comments, making it difficult to
triage. I'm going to set a Needs-Feedback flag on this; those that are
encountering issues are requested to provide a chrome
net-internals/net-export log (see
https://dev.chromium.org/for-testers/providing-network-details )

However, please be aware: If a website requests client certificate
authentication (whether in require or want mode - if it requests it *at
all*), then this behaviour is expected and by design as part of the Android
security model.

If you are using client certificate authentication, and are an Enterprise,
you can use the android.app.admin APIs to handle and suppress prompts, as
appropriate to your enterprise config, through the use of an MDM
application.

If you are a user, and seeing this on random sites, the *server* is at
fault. While we can suppress these prompts on some platforms Chrome runs on
(such as common desktop platforms), the enhanced security and privacy
design of Android do not make it possible for applications - where Chrome
or evil hostile applications - to find out your identities in a way that
would let us suppress the prompt if you don't have any. However, the
server, not Chrome, is the one misconfigured for requesting it in the first
place.

I'm not directly closing this as WontFix, in the slight event that someone
has a net-internals log that suggests there might be a Chrome bug where the
server *isn't* requesting it, but based on these comments, that does not
appear to be the case. We will likely WontFix this, for working as
intended, for the reasons described above.

[chro...@googlecode.com]

Comment #48 on issue 268055 by vijayaka...@gmail.com: "No Certificates
Found"
https://code.google.com/p/chromium/issues/detail?id=268055

I have the same problem for my website www.marrysoon.com i resolved by
installing file "AddTrustExternalCARoot"