Advanced Certification Request in Edge Chromium

%3CLINGO-SUB%20id%3D%22lingo-sub-1520740%22%20slang%3D%22en-US%22%3EAdvanced%20Certification%20Request%20in%20Edge%20Chromium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1520740%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20request%20advanced%20certificate%20from%20certification%20authority%20via%20Edge%20Chromium%20(version%26nbsp%3B%3CSPAN%3E83.0.478.58%3C%2FSPAN%3E).%20The%20CA%20supports%20only%20http%20connection.%20I%20am%20connecting%20to%20CA%20in%20IE%20mode.%20The%20CA%20is%20in%20the%20Intranet%20zone.%20When%20I%20clicked%20on%20the%20link%20%22Create%20and%20submit%20a%20request%20to%20this%20CA%22%20the%20information%20%22The%20Web%20site%20is%20attempting%20to%20perform%20a%20digital%20certificate%20operation%20on%20your%20behalf....%22%20was%20not%20displayed%20and%20on%20the%20page%20with%20Advanced%20Certificate%20Request%20the%20CSP%20field%20did%20not%20display%20providers%20there%20was%20only%20Loading%20message.%20In%20IE%20on%20the%20same%20computers%20everything%20works%20fine.%26nbsp%3B%20Could%20you%20please%20give%20me%20some%20advice%20how%20to%20solve%20this%20issue%20in%20Edge%20Chromium%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1523049%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20Certification%20Request%20in%20Edge%20Chromium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1523049%22%20slang%3D%22en-US%22%3EHi%2C%3CBR%20%2F%3EI%20don't%20think%20the%20IE%20mode%20inside%20Edge%20supports%20the%20intranet%20sites%20settings.%20though%20you%20can%20request%20your%20certificate%20in%20the%20normal%20Edge%20mode%2C%20i.e%20without%20going%20through%20the%20IE%20mode.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1523413%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20Certification%20Request%20in%20Edge%20Chromium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1523413%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F310193%22%20target%3D%22_blank%22%3E%40HotCakeX%3C%2FA%3E%26nbsp%3B%20thank%20you%20for%20response.%3C%2FP%3E%3CP%3EIn%20normal%20Edge%20mode%20when%20I%20clicked%20on%20advanced%20certificate%20request%20I%20was%20directly%20redirected%20to%20%22Submit%20a%20certificate%20request%20by%20using%20a%20base-64-encoded%20CMC%20or%20PKCS%20%2310%20file%2C%20or%20submit%20a%20renewal%20request%20by%20using%20a%20base-64-encoded%20PKCS%20%237%20file.%20%22%20page.%3C%2FP%3E%3CP%3EThe%20page%20where%20I%20have%20option%20to%20select%20%22Create%20and%20submit%20a%20request%20to%20this%20CA.%20%22%20or%26nbsp%3B%20%22Submit%20a%20certificate%20request%20by%20using%20a%20base-64-encoded%20CMC%20or%20PKCS%20%2310%20file%2C%20or%20submit%20a%20renewal%20request%20by%20using%20a%20base-64-encoded%20PKCS%20%237%20file.%20%22%20was%20not%20displayed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1719626%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20Certification%20Request%20in%20Edge%20Chromium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1719626%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F727946%22%20target%3D%22_blank%22%3E%40VjekoV%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20think%20this%20is%20technological%20limitation%20of%20Edge%20Chromium%2C%20it%20doesnt%20support%20needed%20technology%20(ActiveX).%3C%2FP%3E%3CP%3EThe%20Web%20Enrollment%20role%20hasn't%20goten%20virtually%20any%20update%20since%20WS%202008%20%2C%20seems%20development%20of%20it%20is%20pretty%20abandoned.%20Just%20keep%20some%20IE's.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Ftroubleshoot%2Fbrowsers%2Fcsp-shows-loading-for-certificate-request%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Ftroubleshoot%2Fbrowsers%2Fcsp-shows-loading-for-certificate-request%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1728877%22%20slang%3D%22en-US%22%3ERe%3A%20Advanced%20Certification%20Request%20in%20Edge%20Chromium%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1728877%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F32395%22%20target%3D%22_blank%22%3E%40Andres%20Pae%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20response.%20We%20are%20trying%20to%20simplify%20environment%20as%20much%20as%20possible%20but%20it%20seems%20that%20vision%20to%20have%20only%20one%20web%20browser%20is%20not%20realistic.%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

Hi,

I am trying to request advanced certificate from certification authority via Edge Chromium (version 83.0.478.58). The CA supports only http connection. I am connecting to CA in IE mode. The CA is in the Intranet zone. When I clicked on the link "Create and submit a request to this CA" the information "The Web site is attempting to perform a digital certificate operation on your behalf...." was not displayed and on the page with Advanced Certificate Request the CSP field did not display providers there was only Loading message. In IE on the same computers everything works fine.  Could you please give me some advice how to solve this issue in Edge Chromium? 

 

 

9 Replies
Hi,
I don't think the IE mode inside Edge supports the intranet sites settings. though you can request your certificate in the normal Edge mode, i.e without going through the IE mode.

@HotCakeX  thank you for response.

In normal Edge mode when I clicked on advanced certificate request I was directly redirected to "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. " page.

The page where I have option to select "Create and submit a request to this CA. " or  "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file. " was not displayed.

 

@VjekoV 

I think this is technological limitation of Edge Chromium, it doesnt support needed technology (ActiveX).

The Web Enrollment role hasn't goten virtually any update since WS 2008 , seems development of it is pretty abandoned. Just keep some IE's.

https://docs.microsoft.com/en-us/troubleshoot/browsers/csp-shows-loading-for-certificate-request

 

@Andres Pae 

Thank you for response. We are trying to simplify environment as much as possible but it seems that vision to have only one web browser is not realistic.

@VjekoV  I got little more information from MS.

Indeed - the webpage hasnt gotten any recent updates to make it compatible with Edge. Currently IE engine is present on all supported MS Windows OS'es , and remains there until lifecycle ends. So "easy" solution is to remeber to open certificate enrollment page always with IE. If You need more Enterprise solution - You should investigate Edge IE  Enterprise mode ( which allows automatic redirection/opening of listed sites in IE) - https://docs.microsoft.com/en-us/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie...

 

@Andres Pae 

I do realize this is an old post, but here we are 2021 October and now Windows 11 doesn't include IE at all. Haven't had a chance to try Server 2021 to see if its pki finally fixed this problem? Seems like a MASSIVE miss if it doesn't fix the problem.

I couldn't agree more, March 2022 now and Microsoft has dropped the ball on updating the ancient Certificate self service portal big time, they have not done anything with PKI since ripping it out of Exchange way back in the day, and digitial certs are mainstream now, I guess they just want us to go Commercial, think GoDaddy and DigiCert and the like

@J 1901 Commercial (at least standard solution)  is no option for company using PKI heavily in infra ( for example automatically enrolling and renewing user/device certificates , 802.1X authentication, etc) . And this part is working well. If Your company size is thousands of endpoints it should be handled automatically ( GPO, certificate templates does great job here) BUT some part is stuck in history which makes entire MS PKI solution not modern :( .  

Why is this still not addressed? Every time I perform a certificate operation, I'm reminded that support for IE is ending June 15, and Edge still doesn't perform this task. Is Microsoft asleep at the wheel on this? How are they retiring a security-critical dependency without replacing it? IE 11 was released in 2013 so they've had nearly TEN YEARS to solve this or to document whatever replacement they've implemented to those still dependent upon an expiring product. Please tell me that I'm the one being stupid and just missing the answer somehow?