X
Tap here to go to the mobile version of the site.
Scheduled maintenance: Thursday, April 2, between 3pm and 5pm UTC. This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn’t solve your issue and you want to ask a question, we have our support community waiting to help you at @firefox on Twitter

منتدى الدعم

Cannot use our self signed client certificates

Posted

In order to monitor our application at client sites, we have added a monitoring page (using apache). To prevent preying eyes, we require clients to identify them selves using a client certificate. This used to work until a few weeks ago, but now we are having problems using firefox. It keeps stating a SSL_ERROR_HANDSHAKE_FAILURE_ALERT error, and we cannot accessing the pages.

I have already added our Root CA and intermediate CA (used to sign the client certs) in both firefox and the windows certificate store, But the problem is not yet resolved.

The subdomain is protected with a an Organization Validated certficate from an official CA authority. Apparently we are missing something, but i can't see what is causing this issue.

If i disable the requirement for a client certificate, the site is accessible, but that is not really an option here.

In order to monitor our application at client sites, we have added a monitoring page (using apache). To prevent preying eyes, we require clients to identify them selves using a client certificate. This used to work until a few weeks ago, but now we are having problems using firefox. It keeps stating a SSL_ERROR_HANDSHAKE_FAILURE_ALERT error, and we cannot accessing the pages. I have already added our Root CA and intermediate CA (used to sign the client certs) in both firefox and the windows certificate store, But the problem is not yet resolved. The subdomain is protected with a an Organization Validated certficate from an official CA authority. Apparently we are missing something, but i can't see what is causing this issue. If i disable the requirement for a client certificate, the site is accessible, but that is not really an option here.
Quote

Additional System Details

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0

More Information

Roland Tanglao
  • Administrator
77 solutions 847 answers

Hi Fabien:

Do you follow the instructions in the followin article to enable Windows certificate store?

Please let us know.

Cheers! ...Roland

Hi Fabien: Do you follow the instructions in the followin article to enable Windows certificate store? * https://support.mozilla.org/kb/how-disable-enterprise-roots-preference Please let us know. Cheers! ...Roland
هل وجدت هذا مفيدًا؟
Quote

صاحب السؤال

Hi Roland,

Thanks for responding to my query. I have tried that solution (both 'on' and 'off') but that did not change the outcome.

Regards,

Fabien H. Dumay

Hi Roland, Thanks for responding to my query. I have tried that solution (both 'on' and 'off') but that did not change the outcome. Regards, Fabien H. Dumay
هل وجدت هذا مفيدًا؟
Quote
اطرح سؤالا

عليك الولوج إلى حسابك للردّ على المشاركات. من فضلك اطرح سؤالًا جديدًا لو لم يكن لديك حساب بعد.