Search
Clear search
Close search
Google apps
Main menu
true

Are your Chrome devices having WiFi connection problems? Fix now

Use the Certificate Enrollment for Chrome OS extension

This article provides instructions for using the Certificate Enrollment for Chrome OS extension, as well as details about the accessibility features it provides. Before using the extension, ensure that users have access, and that the extension and associated managed policy are properly configured. For more help with setting up the extension, please see the Deployment Guide.

The user flows are broken down by category and explained in their respective sections. The accessibility features across all flows are documented in their own section. Additionally, we provide our license and copyright information at the end of this document. If you have comments or suggestions, please send them via email to certificate-enrollment-cros@google.com.

Note regarding third-party products: This document may describe how Google products work with third-party products and the configurations that Google recommends. Google does not provide technical support for configuring third-party products. Google accepts no responsibility for third-party products. Please consult the product's website for the latest configuration and support information. You may also contact Google solutions providers for consulting services.

Primary user flows

User flows in the extension are broken down into primary and secondary categories. A primary user flow, described in this section, is something a user should typically expect to encounter.

Create a user certificate request

User certificate requests are requests that should result in a certificate being issued for the specific user sending the request, not the overall device. User certificates are only valid for the user logged into that machine, not any other users who may also use the machine.

  1. Click or tab navigate to the Username field.
  2. Enter your username.
  3. Click or tab navigate to the Password field.
  4. Enter your password.
  5. Leave the Device-Wide box unchecked.
Create a device certificate request

Device certificate requests are requests that should result in a certificate being issued for the overall device sending the request, not just the user sending the request. Device certificates are valid for all users belonging to the same organization on the machine, which is typically necessary for devices being used in Public Session or kiosk mode.

  1. Click or tab navigate to the Username field.
  2. Enter your username.
  3. Click or tab navigate to the Password field.
  4. Enter your password.
  5. Check the Device-Wide box.
Send a certificate request

Regardless of the type of request being sent (user or device), the process to send one is the same.

  1. Create either a user or device certificate request, as specified in the steps above.
  2. Navigate to the Enroll button.
  3. Click Enroll.
Successfully receive and import a certificate

Once a request is sent, the ideal outcome is a success response from the server which will include the certificate requested.

  1. Send a Certificate Request, as specified above.
  2. Wait for the response to be received.
  3. When a response is received, a dialog will display with a success message to signify that the certificate was received and imported.
  4. Select Okay in the dialog, hit the escape key, or click outside of the dialog to close it when done.
Receive an error response

Once a request is sent, sometimes the request can fail for a variety of reasons. An error response encapsulates these failures and will inform the user of what the problem is.

  1. Send a Certificate Request, as specified above.
  2. Wait for the response to be received.
  3. When a response is received, a dialog will display with a failure message to signify that something went wrong.
  4. Select Okay in the dialog, hit the escape key, or click outside of the dialog to close it when done.
  5. If the error is correctable (such as invalid username), then performing the correction and resending the request should result in success. If not (such as when the request is denied access by the server), then the user should seek help.

Secondary user flows

Secondary user flows, described below, should occur only rarely.

Receive a Pending Certificate Response

Once a request is sent, sometimes the server can set that request to pending in order for someone to manually review and approve/reject the request later. A pending response encapsulates this flow and will inform the user of the relevant information to check on the status of the request later.

  1. Send a Certificate Request, as specified above.
  2. Wait for the response to be received.
  3. When a response is received, a dialog will display with a pending message to signify that the request was set to pending. It will also display the enrollment URI and request ID of the request, which are necessary to check on it later.
  4. Copy the enrollment URI and request ID somewhere to refer to later.
  5. Select Okay in the dialog, hit the escape key, or click outside of the dialog to close it when done.
Navigate to Pending Request UI

If a user has a pending certificate, then the user may want to check on the certificate’s status at some point. In order to create and send pending certificate requests, the user must navigate to the pending request UI.

  1. Click or tab navigate and select the More Options button.
  2. From the list of options generated, click or tab navigate to the ‘Show extra fields for checking on pending requests?’ option.
  3. Select ‘Show extra fields for checking on pending requests?’ to enable the pending request fields to display.
Navigate Back to Regular Request UI

If a user has previously navigated to the pending request UI, then the user may want to navigate back to the regular at some point.

  1. Click or tab navigate and select the More Options button.
  2. From the list of options generated, click or tab navigate to the Hide extra fields for checking on pending requests?’ option.
  3. Select Hide extra fields for checking on pending requests?’ to disable the pending request fields from displaying.
Create a Pending Certificate Checkup Request

If a user has a pending certificate, then the user may want to check on the certificate’s status at some point. The extension allows this flow very similarly to creating a brand new request.

  1. Navigate to Pending Request UI, as specified above.
  2. Click or tab navigate to the Username field.
  3. Enter your username.
  4. Click or tab navigate to the Password field.
  5. Enter your password.
  6. Click or tab navigate to the Enrollment URI field.
  7. Enter the enrollment URI displayed in a previous pending certificate response.
  8. Click or tab navigate to the Request ID field.
  9. Enter the request ID displayed in a previous pending certificate response.
  10. If the original certificate request was for a device-wide certificate, then check the Device-Wide checkbox. Otherwise, leave the Device-Wide checkbox unchecked.
Send a Pending Certificate Checkup Request

Once a pending certificate checkup request has been created, the user needs to send that request in order to get a response. A pending certificate checkup request can result in a success, failure, or still pending response, which matches the flows already defined above.

  1. Create a Pending Certificate Checkup Request, as specified above.
  2. Navigate to the Check Status button.
  3. Select the Check Status button.
Copy Logs to the Clipboard

Sometimes in cases of errors, it may be helpful for an assistant or administrator to see the full logs of what happened in the extension. In order for a user to obtain these logs, we provide a simple method to copy them to the user’s clipboard.

  1. Click or tab navigate and select the More Options button.
  2. From the list of options generated, click or tab navigate to the ‘Copy Logs to Clipboard’ option.
  3. Select ‘Copy Logs to Clipboard’ to have the logs copied to the user’s clipboard.
  4. From here, the user can paste these logs anywhere the user chooses through the normal process for the user’s device.

Accessibility features

Nearly all flows given in the User Flows section above can be accessed from a plurality of input devices. Mainly, the entire extension can be navigated via only mouse or only keyboard or any combination thereof. It should also be straightforward to navigate in high contrast or magnified modes as well as with a screen reader device.

If you run into any accessibility issues, please contact our team at certificate-enrollment-cros@google.com so that we can address and fix it as soon as possible. Please include as many details as possible and specify that you would like to report a bug in the subject header.

Was this article helpful?
How can we improve it?