New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 20 users

Issue metadata

Status: Archived
Closed: Nov 2015
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 2
Type: ----

Sign in to add a comment

"No Certificates Found"

Reported by, Aug 3 2013 Back to list

Issue description

Device name: Galaxy Nexus phone

From "Settings > About Chrome"
Application version: 28.0.1500.94
OS: Android 4.3

Behavior in Android Browser (if applicable):

Since the last Android update (or maybe Chrome update) on my phone, I get this message, over and over: "No Certificates Found. The app Chrome has requested a certificate. Choosing a certificate will let the app use this identity with servers now and in the future. The app has identified the requesting server as (...), but you should only give the app access to the certificate if you trust the app. You can install certificates from a PKCS#12 file with a .pfx or a .p12 extension located in external storage."

At that point, my choices are Install or Cancel. If I hit Install, it says "No certificate found in USB storage" and we start over again. So I hit Cancel, and we start over again. It takes four or five Cancels before it stops.

Steps to reproduce:
1. Visit a corporate site. I am signed in with my corporate account.

Expected result: Get to the site

Actual result: Get this dialogue box


Comment 1 by, Aug 5 2013

Labels: Needs-Feedback
Sounds like issue 240733.  Can you try Chrome Beta ( and see if it is fixed?
Status: Untriaged
Status: Available

Comment 4 by, Aug 21 2013

getting the same issue 

Comment 5 by, Aug 21 2013

mrpatryan, please see #1 - does the issue reproduce on M29?

Comment 6 by, Aug 21 2013

Hi, we are getting the same issue at my company when Android devices connect to our Ping Federate server for SAML authentication.  This error occurs in Chrome Beta 29.0.1547.58, Chrome 28.0.1500.94, and Internet Version 4.1.2-I535VRBMF1.  

Comment 7 by Deleted ...@, Aug 22 2013

I just installed the beta... 

And I still have the same issue. Beta 29.0.1547.58, Android 4.1.2, Galaxy S3 build JZO54K, Webkit 537.36(@155959)

I can provide a URL for testing privately.

Comment 8 by, Aug 23 2013

Just to note on my earlier comment, we have 4000+ android devices so this is really frustrating for our users.  Our iOS users aren't having any issues.

Comment 9 by, Sep 15 2013

I'm running Chrome 29.0.1547.72 on a Galaxy Nexus and I continue to see this problem.

Comment 10 Deleted

Comment 11 by, Oct 28 2013

This issue appears to be related to the server requesting an X.509 certificate.  When we set WantClientAuth=false on our Ping federation server the problem goes away. Unfortunately, we have other applications that depend on X.509 certificates.
I am seeing this error when loading an HTTPS resource that is secured by an * type of certificate.  Prior to a recent change the certificate was in the form  When we updated to use * it appears to have broken the functionality within Chrome.  

Note that this only occurs on Chrome on a mobile device.  In my case Galaxy Note 10.1 (Galaxy S4 produces a similar message).  Chrome on my desktop is fine.

Comment 13 by Deleted ...@, Mar 1 2014

Just began seeing this on my Note 3 after an update of Chrome beta.

Comment 14 by Deleted ...@, Apr 2 2014

I'm getting this when I use the 'Report as Not Spam' link for Exchange Online Protection while on my S4. At this point I'm not sure if it's an EOP or Android/Chrome issue, but I thought I'd share just in case it helps narrow down the problem.
I'm running Chrome 37.0.2062.117 on Android 4.3 (I747UCUEMJB) and am getting the same issue when browsing to
Same issue here - Chrome 38.0.2125.102 on Android 4.4.4 (CyanogenMod 11 nightlies on a Samsung Galaxy Tab 2), clicking through a Microsoft Hosted Exchange (Office365) spam quarantine link to 'Report as Not Spam' or 'Release to Inbox', the O365 quarantine web server requests a certificate, and I have to click 'cancel' in Chrome on Android.
This does not happen with desktop Chrome.

Comment 17 Deleted

Comment 18 by Deleted ...@, Nov 17 2014

I can fix the issue if you have access to IIS. Basically you need to go to SSL Settings and make sure Require SSL is unchecked and that "Ignore" is selected for Client Certificates.

Comment 19 by Deleted ...@, Jul 20 2015

I found this error while authenticating to a guest network at a national lab. I solved the problem by pre-emptively entering the Android browser (rather than Chrome) and going through the authentication process in that browser. Subsequently, Chrome works fine on that network.

Comment 20 Deleted

Comment 21 by Deleted ...@, Jul 29 2015

I am facing this same issue, Please help me how to fix this issue?
This app (Chrome) has requested a certificate. Selecting a certificate will allow the app to use this identify with servers now and in the future. the application has identified the requesting server as '' but you should only grant the application access to the certificate if you trust the application.

You can install certificates from a PKCS#12 file with a .pfx or a .p12 extension

Comment 22 by Deleted ...@, Aug 26 2015

While implementing SSO with X.509 certificates, we have run into this same issue. The prompt to install a certificate only comes up on the Chrome browser from Android phones.

Please change Chrome on Android to behave like all other browser and not prompt to install a certificate.
I'm still seeing this issue on Chrome. When will this be fixed or what is the work around? It affects users trusting my site!w
Ditto - Chrome on Android only in my case. Did not have this problem with my N4. Have it often on my new Axon.

Google Chrome	45.0.2454.84 (Official Build) (64-bit)
Revision	f35ee3c741eb8a18b24c8406e4fe213bfd1a6eb8-refs/branch-heads/2454@{#437}
OS	Android 5.1.1; A1P Build/LMY47V
Blink	537.36 (@201276)
JavaScript	V8
User Agent	Mozilla/5.0 (Linux; Android 5.1.1; A1P Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.84 Mobile Safari/537.36
Command Line	--use-mobile-user-agent --top-controls-show-threshold=0.5 --top-controls-hide-threshold=0.5 --enable-high-end-ui-undo --use-mobile-user-agent --enable-begin-frame-scheduling --enable-pinch --enable-overlay-fullscreen-video --enable-overlay-scrollbar --validate-input-event-stream --disable-gpu-process-crash-limit --enable-viewport-meta --main-frame-resizes-are-orientation-changes --disable-composited-antialiasing --ui-prioritize-in-gpu-process --enable-delegated-renderer --profiler-timing=0 --prerender-from-omnibox=enabled --enable-dom-distiller --flag-switches-begin --flag-switches-end --enable-instant-extended-api --top-controls-show-threshold=0.5 --top-controls-hide-threshold=0.5
Executable Path	No such file or directory
Profile Path	/data/data/
Variations	47f591a-3f4a17df
Build ID	e1c30f38-3663-43ef-9a11-16603000ae1f
Labels: M-46
Status: Assigned
The bug is reproducible on latest builds still. Assigning to sleevi@ after talking to him to review the issue.
Labels: Cr-Internals-Network-SSL
It sounds like we need to divide this bug into public (non-Google) and private (Google). The problems by Googlers are caused by how Google has configured things, and that's separate internal teams to resolve.

For the non-Googler case, this error message only occurs when you encounter a site that requests a client certificate. There's nothing that Chrome can do here - the site has requested a client certificate, and to even know if a client certificate is valid, Chrome for Android has to ask the OS. That's the prompt you're seeing - it's controlled by Android and all apps (Google or otherwise) are required to go through that flow.

This will occur with any site configured to request client certificates, so to resolve this, either don't request client certificates, or configure your Android devices to have client certificates (e.g. via a device management application or via installing a PKCS#12 file).

kamakshi: This is all "By Design" behaviour, but requires server operators to change, so I'm not sure what to do with this bug. I'd be inclined to WontFix/WorkingAsIntended. The steps for what options exist for Android - both what should Googlers do vs non-Googlers do - requires someone to speak more from the Android OS side and the mobile device manager options. The Android APIs involved are DevicePolicyManager ( ) and DeviceAdminReceiver ( ), but that's not a Chrome thing.
No other browser has this issue. If a site is https, it will request a
client certificate for secure purposes.

This is normal browser behavior.

How can someone working at Google not know this?
fly: You're confusing client and server certificates. https will always have a *server certificate*. This bug has nothing to do with that. This is about the server requesting a *client* certificate which does not happen all the time and isn't especially common. Chrome is not in control of the prompt on Android and cannot suppress it.
Ok, that is more clear, I see.

So how come the other browsers do not have this issue, like the non-Chrome
browser on my Android device?
I'm not familiar with those browsers. They might not support client certificates. Client certs, much as I hate them, are unfortunately pretty critical in a lot of deployments so losing them isn't really an option.
I use nginx. What is the workaround?
Do you have a reason to be requesting client certificates? Given the confusion, I'm guessing no. It appears in nginx client certs are configured with the ssl_verify_client directive. If you don't need client certs, remove it.
Looks like it's on by default.

This did it:

ssl_verify_client off;
Labels: Hotlist-Recharge
This issue likely requires triage.  The current issue owner may be inactive (i.e. hasn't fixed an issue in the last 30 days or commented in this particular issue in the last 90 days).  Thanks for helping out!

Labels: -Needs-Feedback -Needs-Feedback -Hotlist-Recharge
Status: ExternalDependency
Switching to Ryan's address, but I'm pretty sure this is just ExternalDependency if not outright WontFix.
Labels: -M-46

Comment 39 by Deleted ...@, Oct 14 2015


We are also facing the same issue while accessing our https Website from Android devices through Chrome. same is working fine with other browser like Firefox/Safari etc.

Looks like it's a generic issue. Kindly suggest how can we resolve it.

dhiraj.haritwal: As with comment #35, the issue is that optional client certificate authentication does not work. Due to Android's security model, the failure modes are particularly bad for Chrome on Android, but this deployment strategy is not viable in general.

If you don't know what I mean by "optional client certificate authentication", your site is probably misconfigured to request client certificates when you don't need it to. The fix is then straightforward but depends on what server software you're running. Consult the documentation on how to configure SSL for it.
I fixed this by telling server not to request client cert on nginx.  Which
web server are you using ? It more then likely can be disabled.

Comment 42 by Deleted ...@, Oct 19 2015


I am using IIS 7.5 along with "Ignore Client Certificate" setting for SSL. My site is not requesting client certificate. How can i fix it.

I don't think people on this bug would know much about configuring IIS. You'd want to talk with Microsoft about that. From searching around, "Ignore Client Certificate" seems to be the option you want.

Do you have a URL we can look at? We can at least confirm this is what's going on with your site.

Comment 44 by Deleted ...@, Oct 23 2015


I had a case with Microsoft Professional Support for this issue. They have checked & verified that, first of all nothing wrong with IIS Config, secondly this issue is only with Chrome browser whereas same IIS Hosted site is working without any issue in other browser like Safari/Firefox.

Also as i mentioned in my earlier post, already have ignore client certificate option selected on IIS.

you can check for below website.

email me your mail ID to send you URL.

Labels: Needs-Feedback
Note: This bug has grown a number of comments, making it difficult to triage. I'm going to set a Needs-Feedback flag on this; those that are encountering issues are requested to provide a chrome net-internals/net-export log (see )

However, please be aware: If a website requests client certificate authentication (whether in require or want mode - if it requests it *at all*), then this behaviour is expected and by design as part of the Android security model.

If you are using client certificate authentication, and are an Enterprise, you can use the APIs to handle and suppress prompts, as appropriate to your enterprise config, through the use of an MDM application.

If you are a user, and seeing this on random sites, the *server* is at fault. While we can suppress these prompts on some platforms Chrome runs on (such as common desktop platforms), the enhanced security and privacy design of Android do not make it possible for applications - where Chrome or evil hostile applications - to find out your identities in a way that would let us suppress the prompt if you don't have any. However, the server, not Chrome, is the one misconfigured for requesting it in the first place.

I'm not directly closing this as WontFix, in the slight event that someone has a net-internals log that suggests there might be a Chrome bug where the server *isn't* requesting it, but based on these comments, that does not appear to be the case. We will likely WontFix this, for working as intended, for the reasons described above.
Status: Archived
Talked to davidben...  This is working as intended, and is due to incorrectly configured servers (And a horrible client cert UI on Android, which it outside of Chrome's control)
(Also it's been a month and the Needs-Feedback was fairly broadly cast.)

To that end, if you are seeing this on a server, note Ryan's comments above. The server is almost certainly at fault.

On the off chance there is some cause that isn't this one, we can look at network logs to diagnose them. To send us one, please do NOT comment on this bug. Please file a NEW bug at and attach a network log (see
I have the same problem for my website i resolved by installing  file "AddTrustExternalCARoot"
The desktop chrome ^ other mobile browsers won't be asked to install certificate when connecting to the same website. Any idea of it?
Re #49: What URL? And which other Android browser did you try?

Sign in to add a comment