X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

How to configure JSS 4 with Firefox 21.0 to to use with HTTPS client authentication? It´s supposed that JSS allows an applet to access Mozilla user´s cert

Posted

We are trying to use HTTPS client certificate based authentication to access a Java Applet in Firefox v21.0. We have followed the instructions as per the below two urls to enable JSS 4 -

https://developer.mozilla.org/en-US/docs/JSS/Using_JSS
http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/keystores.html
http://download.java.net/jdk8/docs/technotes/guides/deployment/deployment-guide/keystores.html

We are using JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM in Firefox v21 but we are getting -
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured

followed by SSK handshake failure when trying to load the client certificate.

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
 at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
 at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
 at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
 at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
 at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
 at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
 at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
 at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
 at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
 at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
 at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
 at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)

The client cert based authentication is working when using IE v8 and IE v9 with the same JRE version (JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM)

Any help to resolve this issue will be very much appreciated.

Modified by cor-el

Additional System Details

Installed Plug-ins

  • Next Generation Java Plug-in 10.25.2 for Mozilla browsers
  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • Citrix Online App Detector Plugin
  • Adobe PDF Plug-In For Firefox and Netscape 10.1.7
  • Google Update
  • Google Talk Plugin Video Accelerator version:0.1.44.28
  • Version 3.18.3.12840
  • ActiveTouch General Plugin Container Version 105
  • Shockwave Flash 11.6 r602
  • iTunes Detector Plug-in
  • 5.1.20125.0
  • HttpWatch Basic - HTTP Viewer for Firefox
  • The plug-in allows you to open and edit files using Microsoft Office applications
  • Office Authorization plug-in for NPAPI browsers

Application

  • Firefox 21.0
  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
  • Support URL: http://support.mozilla.org/1/firefox/21.0/WINNT/en-US/

Extensions

  • Troubleshooter 1.1a (troubleshooter@mozilla.org)
  • HttpWatch Basic Edition 8.5.5 ({1E2593B2-E106-4697-BCE7-A9D30DE05D73}) (Inactive)

Javascript

  • incrementalGCEnabled: True

Graphics

  • adapterDescription: Intel(R) HD Graphics
  • adapterDescription2:
  • adapterDeviceID: 0x0046
  • adapterDeviceID2:
  • adapterDrivers: igdumd64 igd10umd64 igdumdx32 igd10umd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • clearTypeParameters: Gamma: 2200 Pixel Structure: RGB ClearType Level: 100 Enhanced Contrast: 300
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.2.9200.16492
  • driverDate: 1-10-2012
  • driverDate2:
  • driverVersion: 8.15.10.2622
  • driverVersion2:
  • info: {u'AzureCanvasBackend': u'direct2d', u'AzureFallbackCanvasBackend': u'cairo', u'AzureContentBackend': u'direct2d'}
  • isGPU2Active: False
  • numAcceleratedWindows: 1
  • numTotalWindows: 1
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics)
  • windowLayerManagerType: Direct3D 10

Modified Preferences

  • accessibility.typeaheadfind.flashBar: 0
  • browser.cache.disk.capacity: 358400
  • browser.cache.disk.smart_size.first_run: False
  • browser.cache.disk.smart_size.use_old_max: False
  • browser.cache.disk.smart_size_cached_value: 358400
  • browser.places.smartBookmarksVersion: 4
  • browser.startup.homepage_override.buildID: 20130511120803
  • browser.startup.homepage_override.mstone: 21.0
  • dom.w3c_touch_events.expose: False
  • extensions.lastAppVersion: 21.0
  • gfx.direct3d.checkDX10: False
  • network.cookie.prefsMigrated: True
  • places.database.lastMaintenance: 1371669233
  • places.history.expiration.transient_current_max_pages: 103775
  • plugin.disable_full_page_plugin_for_types: application/pdf
  • privacy.sanitize.migrateFx3Prefs: True
  • security.disable_button.openCertManager: False

Misc

  • User JS: No
  • Accessibility: No
ktest 0 solutions 1 answers

Helpful Reply

Hi,

Did you add your client certificate(.pfx) into Firefox Certificate Store/Manager? Google Chrome and IE use the same Certificate Store. Firefox use it's own. File ->Options->Advanced->View Certificates.

Modified by ktest

Helpful Reply

Thank you for your response. Yes we have added the client certificate file (.pfx) in the Firefox browser Certificate manager / Store. It's also showing the certificate in the View Certificate window. We could not resolve it yet.