How to stop Chrome's Select a certificate window?

Chrome Version 59.0.3071.86 (64-Bit), Win 7 Enterprise:

Create registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls  

Here create new String value (REG_SZ) with name 1

As Value data enter:

{"pattern":"[*.]","filter":{}}

This is what the registry then looks like.

For more information on this key I found:

The value must be an array of stringified JSON dictionaries. Each dictionary must have the form { "pattern": "$URL_PATTERN", "filter" : $FILTER }, where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select. Independent of the filter, only certificates will be selected that match the server's certificate request. If $FILTER has the form { "ISSUER": { "CN": "$ISSUER_CN" } }, additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.

on "Automatically select client certificates for these sites".

Chrome Version 87.0.4280.141 (64-Bit), Win 10 Enterprise:

Create registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls  

Here create new String value (REG_SZ) with name 1

As Value data enter:

{"pattern":"[*.]mycompany.com","filter":{"ISSUER":{"CN":"MyCompanyCA"}}}


MyCompanyCA and the subdomain mycompany.com must be replaced with your corresponding URL and issuing company.
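
The scoped entry from the answer above, written and then audited from PowerShell. This is an added example, not code from the original answers; the function names are hypothetical, and `[*.]mycompany.com` and `MyCompanyCA` are the answer's placeholders. The audit flags entries whose pattern is the catch-all `[*.]` or whose filter is empty, the two settings on this page that widen where a client certificate is presented without a prompt.

```powershell
# Added example, not from the original answers. Run from an elevated prompt.
# Function names are hypothetical; the pattern and issuer CN are the
# placeholders used in the answer above.
$Key = 'HKLM:\SOFTWARE\Policies\Google\Chrome\AutoSelectCertificateForUrls'

function New-AutoSelectEntry {
    param([Parameter(Mandatory)][string]$Pattern, [string]$IssuerCN)
    # An empty filter ({}) places no extra restriction on the certificate.
    $filter = if ($IssuerCN) { @{ ISSUER = @{ CN = $IssuerCN } } } else { @{} }
    # -Compress yields the one-line JSON string stored in the REG_SZ value.
    [ordered]@{ pattern = $Pattern; filter = $filter } |
        ConvertTo-Json -Compress -Depth 4
}

function Set-AutoSelectEntry {
    param([Parameter(Mandatory)][string]$Name,
          [Parameter(Mandatory)][string]$Json)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Json `
        -PropertyType String -Force | Out-Null
}

function Get-AutoSelectAudit {
    # Report every value under the policy key and why it may be too broad.
    if (-not (Test-Path $Key)) { return }
    $reg = Get-Item -Path $Key
    foreach ($name in $reg.GetValueNames()) {
        $raw = [string]$reg.GetValue($name)
        $findings = @()
        try {
            $entry = $raw | ConvertFrom-Json -ErrorAction Stop
            if ($entry.pattern -eq '[*.]') { $findings += 'pattern matches any URL' }
            if (-not $entry.filter -or
                @($entry.filter.PSObject.Properties).Count -eq 0) {
                $findings += 'filter is empty'
            }
        } catch {
            $findings += 'value is not valid JSON'
        }
        [pscustomobject]@{ Name = $name; Value = $raw
                           Findings = ($findings -join '; ') }
    }
}

Set-AutoSelectEntry -Name '1' -Json (New-AutoSelectEntry `
    -Pattern '[*.]mycompany.com' -IssuerCN 'MyCompanyCA')
Get-AutoSelectAudit | Format-List
```

An entry with an empty `Findings` field is scoped by both pattern and issuer; Chrome has to be restarted or the policy reloaded at `chrome://policy` before the change applies.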


If you have multiple certificates and the one you want to select is not the first one, then you will need to apply a filter.

http://www.chromium.org/administrators/policy-list-3#AutoSelectCertificateForUrls has an in-depth description of the filter values, but you're probably not interested in most of them and can use:

{"pattern":"[*.]","filter":{"ISSUER":{"CN":"[Issued By]"}}}

replacing [Issued By] with the issuer of your client certificate. I can't for the life of me manage to get the URL pattern working with anything more specific than [*.], which matches any URL.