Access with Certificate Chrome in Python

This is a solution to sign in using a Digital Certificate. First I need to thanks IngussNeilands for the tutorial provided on his Github. It saved me! You can follow the steps on IngussNeilands´s tutorial here or follow my version of his tutorial below.

Steps to Configure the Policy Groups

1. Download Chrome Policy Templates from here: http://dl.google.com/dl/edgedl/chrome/policy/policy_templates.zip

2. Extract the .zip file and find the chrome.adm that matches the country and the language settings on your Windows, following the path:

policy_templates\windows\adm\<YourCountryAndLanguage>\chrome.adm

3. Type "run" into your Windows Search Bar or press Windows + R. Then type de command gpedit.msc to open the The Local Group Policy Editor

4. Now, access:

Computer Policy > Computer Configuration

5. Right-click the file Administrative Templates and select Add or remove templates

6. Click add and navigate to the chrome.adm that you choose before on policy_templates\windows\adm<YourCountryAndLanguage>\chrome.adm. Click to open it

7. Now, navigate to:

Computer Policy > Computer Configuration > Administrative Templates > Classic Administrative Templates(ADM) > Google > Google Chrome > Content Settings

8. Then on the right side of the window, find and double-click the option "Automatically select client certificates for these sites"

9. Click the Enabled option

10. Now, Click Show... in the option pane below

11. Copy and paste the JSON below in the line of the column Value:

{"pattern":"https://[*.]example.com","filter":{"ISSUER":{"CN":"example.com"}, "SUBJECT":{"CN":"value"}}

12. This JSON needs to be rewritten with your certificate informations

13. Press again Windows + R then type de command regedit to open the Regisry Editor and navigate to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls

14. Check if there is a registry with the name 1 created

15. If a registry with the name 1 was created, you can now Run the application!

16. Else, you'll need to either change de name of the registry to 1 or change the parameter of the method Registry.LocalMachine.OpenSubKey().SetValue() in the application to the name of the registry you just created.

How to rewrite the Chrome Configure JSON

Ok, now a will give you a brief explanation on how to rewrite the Chrome Config JSON.

In the "pattern" key the value needs to be the URL that the certificate will be sent to. In most cases this URL is the same URL of the page, but some sites won't use the same URL base to send the certificate. For example, when I was trying to Web Scraping the NFS-e in "Uberlândia city" I needed to debug the script of the page to find the URL to where the certificate was sent.

The "filter" key will have the certificate information. In my case, I need to access the same website with different certificates, and for doing that I'll have to fill the JSON with the information of "ISSUER" and the "SUBJECT". Chrome will choose one certificate that matches with the information content in the filter key. For example, if I fill the "CN" from the "ISSUER" object with "SERASA Certificadora Digital v5" I'll have more than one certificate with these informations and Chrome won't be able to choose the right certificate.

If you went through all these steps, you can now run your application!

Back to Top ☝️