You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: tutorials/browser-certificate-setup-guide.mdx
+14-7Lines changed: 14 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,10 +9,9 @@ description: This tutorial describes how to set up web browsers to access resour
9
9
10
10
Certificate-based authentication in web browsers
11
11
offers excellent security characteristics, thanks to mutual TLS.
12
-
13
12
However, the user experience has traditionally been poor,
14
-
with mysterious certificate errors,
15
-
confusing certificate authentication dialogs,
13
+
with mysterious TLS errors,
14
+
confusing certificate selection dialogs,
16
15
and differing behaviors between browsers.
17
16
18
17
Smallstep addresses these issues
@@ -23,10 +22,16 @@ so the user can have a seamless experience.
23
22
24
23
Smallstep browser certificates are available for macOS, Windows, and Linux devices.
25
24
25
+
## Before you begin
26
+
26
27
Before you begin, make sure:
27
28
28
-
1. Your devices are [added to Smallstep](https://smallstep.com/docs/platform/enrollment-guide/).
29
-
2. Someone from [our support team](https://support.smallstep.com/kb-tickets/new) has helped you get set up. Your Smallstep team is configured properly for the resource that you are using client certificates to protect.
29
+
1. Your devices are [enrolled into your Smallstep inventory](https://smallstep.com/docs/platform/enrollment-guide/).
30
+
2. Someone from [our support team](https://support.smallstep.com/kb-tickets/new) has helped you get set up. Client certificates can be used in several ways. Confirm that your Smallstep team is configured for the resource that you are using client certificates to protect.
31
+
32
+
You will need a list of URLs that will require a client certificate on your devices.
33
+
34
+
These URLs will vary by use case.
30
35
31
36
## macOS
32
37
@@ -167,8 +172,8 @@ For Chrome and Edge, we can use the [`AutoSelectCertificateForUrls`](https://chr
167
172
5. Restart the browser.
168
173
6. Confirm the policy change.
169
174
170
-
- In Chrome, check <ahref="chrome://policy">chrome://policy</a>.
171
-
- In Edge, check <ahref="edge://policy">edge://policy</a>.
175
+
- In Chrome, check <ahref="chrome://policy">chrome://policy</a>.
176
+
- In Edge, check <ahref="edge://policy">edge://policy</a>.
172
177
173
178
To test the certificate, restart the browser and visit one your target URLs.
174
179
You should not see any certificate selection dialogs.
@@ -208,6 +213,8 @@ Don't see it? Check that the Smallstep agent is installed correctly.
208
213
To test the certificate, restart the browser and visit one your target URLs.
209
214
You should not see any certificate selection dialogs.
210
215
216
+
### Firefox
217
+
211
218
#### Client certificate auto-selection
212
219
213
220
Use the <ahref="about:certificate">about:certificate</a> URL to see all of the client certificates installed in Firefox's certificate database.
0 commit comments