PERRETBertrand-0941 asked LimitlessTechnology-2700 answered

The Edge Chromium 'AutoSelectCertificateForUrls' not working with several smart cards in a workstation.

Hello,

We are currently testing the 'AutoSelectCertificateForUrls' Edge policy as suggested but in the case of multi-smartcard workstations.

I have a Windows 10 workstation and a reader connected to it.

I have two smart cards (A & B) each of these containing an authentication certificate (A & B).
The user cert store is empty.

I insert smart card A into the reader.
The auth certificate A is pushed into user cert store.
I connect to a HTTPS test web site:
no selection dialog prompt (OK) and SSL connection is successful (OK).

I close Edge.

Then, I insert smart card B into the same reader.
The auth certificate B is pushed into user cert store.
I connect to the same HTTPS test web site:
no selection dialog prompt (OK (1)) and SSL connection is successful (OK).

I close Edge again.

Then, I re-insert smart card A into the reader (2).
The auth certificate A is still present in user cert store.
I connect to the same HTTPS test web site:
no selection dialog prompt (OK (1)) but SSL connection fails (the underlying CSP claims that
the chosen certificate (apparently certificate B) is not that of the smart card (certificate A)).

From this experiment, I guess that 'AutoSelectCertificateForUrls' Edge Chromium policy remembers and uses the last used certificate.

(1) I think the expected behaviour at this stage is that Edge Chromium should prompt for certificate selection dialog
because there are at least two certificates meeting the ISSUER condition.

(2) From this step, we can no longer connect with smart card A, but only with smart card B.

Could you confirm the supposed behaviour?

Could you inform the Edge development team of this issue for multi-smartcard workstations?

In the meantime, how can I remedy this?

Thanks for your care.

windows-10-security ms-edge

1 Answer

LimitlessTechnology-2700 answered

Hi there,

I came across these steps and hope this might help you out.

Try out these steps

Internet Options > Security > Internet > Custom Level: Don't prompt for client certificate selection when only one certificate exists - set to Disable
Internet Options > Content > Certificates: Enable smart card certificates for client authentication
Internet Options > Advanced: Enable SSL 3.0, TLS 1.0/1.1/1.2
Install all required PKI certificates



If the reply is helpful, please Upvote and Accept it as an answer
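
To check the multi-card situation described in the question, the following PowerShell example lists the certificates in the current user's store that satisfy each 'AutoSelectCertificateForUrls' entry's ISSUER filter. It is an added example, not part of the original posts and not Microsoft's code. The fallback pattern and issuer name are constructed placeholders, and only the CN attribute of ISSUER is evaluated.

```powershell
# Added diagnostic example. $RegPath is the Edge policy location in the registry;
# the fallback pattern and issuer CN further down are constructed placeholders.
$RegPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge\AutoSelectCertificateForUrls'

function Get-PolicyEntries {
    # Each value under the key (named 1, 2, ...) is one JSON string:
    # {"pattern":"...","filter":{"ISSUER":{"CN":"..."}}}
    if (-not (Test-Path -Path $RegPath)) { return }
    $key = Get-Item -Path $RegPath
    foreach ($name in $key.GetValueNames()) {
        $key.GetValue($name) | ConvertFrom-Json
    }
}

function Get-AutoSelectCandidates {
    param(
        [Parameter(Mandatory)] $Entry,
        $Certificates = (Get-ChildItem -Path Cert:\CurrentUser\My)
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $issuerCn = $Entry.filter.ISSUER.CN   # only the CN attribute is evaluated here
    $now = Get-Date
    $Certificates | Where-Object {
        # HasPrivateKey only checks the stored key-provider link and does not
        # touch the card, so a certificate whose card is not inserted is still listed.
        $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        (-not $issuerCn -or $_.GetNameInfo($nameType, $true) -eq $issuerCn)
    }
}

$entries = @(Get-PolicyEntries)
if ($entries.Count -eq 0) {
    # No policy on this machine: use a constructed sample entry instead.
    $sample = '{"pattern":"https://test.example.invalid","filter":{"ISSUER":{"CN":"Example Issuing CA"}}}'
    $entries = @($sample | ConvertFrom-Json)
}

foreach ($entry in $entries) {
    $candidates = @(Get-AutoSelectCandidates -Entry $entry)
    Write-Output ("{0}: {1} matching certificate(s)" -f $entry.pattern, $candidates.Count)
    $candidates | Format-List Thumbprint, Subject, NotAfter
    if ($candidates.Count -gt 1) {
        Write-Warning 'More than one stored certificate satisfies this filter.'
    }
}
```

Run it as the affected user after inserting each card in turn; a count above one for the test site's pattern corresponds to the state reached after card B was inserted in the question.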
