This section describes how to add or delete a client certificate to or from Google Chrome for macOS.
On macOS, client certificates are managed in "Keychain Access".

For details on using macOS, refer to the Apple support page and manuals.

This section explains the scenario using the following environment as an example.

• OS: macOS version 10.13.6
• Google Chrome: 80.0.3987.132

This section describes how to add the client certificate to Google Chrome for macOS.

1. Receive a client certificate and client certificate password from your system administrator.
   If the system administrator allows the client certificate to be downloaded, you can obtain the client certificate and password by yourself.
   For the procedure to obtain a password, confirm Steps 1 and 2 of When Client Certificate Authentication is used.

2. Double-click the client certificate named "(your login name).pfx".
   Keychain Access starts.

3. Enter the client certificate password obtained in Step 1 and click OK.
   
   The client certificate is automatically added to "Keychain Access".

4. On the "Keychain Access" screen, double-click the "(Login name of the user)@(subdomain name).s.cybozu.cn" certificate.
   

5. On the displayed screen, click the icon to the left of "Trust".
   

6. From the "When using this certificate:" dropdown list, select "Always Trust", and then close the screen.
   

7. On the password entry screen, enter the administrator name and password for the computer being used, and then click Update Settings.
   
   When adding the client certificate is successful, a "+" is added to the "Keychain Access" screen icon.
   

8. Click the client certificate while pressing the Control key, and then select "New Identity Preference".
   

9. In "Location or Email Address:", enter "https://(subdomain name).s.cybozu.cn", and then click Add.
   The subdomain name is included in the certificate name.

   • Example of certificate name:
     (Login name of the user)@(subdomain name).s.cybozu.cn

   

10. Close "Keychain Access".

11. Start Chrome and access "https://(subdomain name).s.cybozu.cn".
    If the certificate selection screen is displayed, select the relevant certificate and click OK.
    
    If the confirmation screen is displayed, enter the password for your computer and click Always Allow.
    After the login screen of your environment is displayed, confirm whether you can access a service or not.

Replace an existing client certificate with a new one.

1. Obtain a new client certificate and its password from your system administrator.

2. Remove the old client certificate.
   Removing client certificate

3. Add a new client certificate.
   Adding client certificate

Delete the client certificate.

1. Open the "Keychain Access" screen.
   Perform one of the operations below.

   • Click in the Dock.
     Apple Help: Use the Dock on Mac
   • Click on the Dock, and then search for "Keychain Access".
     Apple Help: Use Launchpad to view and open apps on Mac

2. While pressing the Control key, click on the client certificate to delete "(Login name of the user)@(subdomain name).s.cybozu.cn", and then select "Delete "(Login name of the user)@(subdomain name).s.cybozu.cn"".
   

3. Click Delete on the confirmation screen.
   

4. On the password entry screen, enter the administrator name and password for the computer being used, and then click Update Settings.
   

5. While pressing the Control key, click on the Identity Preference to delete "https://(subdomain name).s.cybozu.cn", and then select "Delete "https://(subdomain name).s.cybozu.cn"".
   

6. Click Delete on the confirmation screen.
   

7. While pressing the Control key, click on a secret key "cybozu.cn client certificate" to delete, and then select "Delete 'cybozu.cn client certificate'".
   

8. Click Delete on the confirmation screen.
   Now the client certificate has been deleted.