Additional Blogs by Members
Showing results for 
Search instead for 
Did you mean: 
Former Member

If you are using Google Chrome and SAP Passport and you are tired of constantly selecting certificates while browsing SAP sites I have something for you. The following procedure has been tested on Windows 8.1 Enterprise and Chrome 30÷37, but should work on Windows 7/8 as well as other Chrome versions:

  1. Download and extract Chrome policy templates from here:
  2. Start the Local Group Policy Editor: Start > Run > gpedit.msc > OK
  3. Right-click on Computer Policy > Computer Configuration > Administrative Templates and choose Add/Remove Templates...
  4. Click Add..., choose policy_templates\windows\adm\en-US\chrome.adm (from the already downloaded and extracted policy templates) and click Open (Note: if your Windows language is different from en-US choose the chrome.adm from the respective language folder)
  5. Navigate to Local Computer Policy > Computer Configuration > Administrative Templates > Classic Administrative Templates (ADM) > Google > Google Chrome > Content Settings
  6. Double-click on Automatically select client certificates for these sites
  7. Click Enabled
  8. Click Show... in the Options pane
  9. Consecutively add the following lines:

    {"pattern":"https://[*.]sap.corp","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}

    {"pattern":"https://[*.]","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}

    {"pattern":"https://[*.]","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}

  10. Click OK
  11. Re-launch Chrome
  12. Done. No more annoying pop-ups!

If you're on a Mac you'll have to create/edit file /Library/Preferences/ and insert the following code (extend it for more server addresses):

<plist version="1.0">




     <string>{"pattern":"[*.]sap.corp","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}</string>

     <string>{"pattern":"[*.]","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}</string>

     <string>{"pattern":"[*.]","filter":{"ISSUER":{"CN":"SAP Passport CA"}}}</string>




Note: for some users (SAP employees and not partners/clients) the issuer should be SSO_CA instead of SAP Passport CA

Special thanks to steffen and boris.tsirulnik for their contribution to this post!