X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Client certificate selection seems to be broken in Firefox 70

Được đăng

Until version 69, I was happily working with two client certificates for the same server using *Select one automatically* option; Firefox was choosing the correct certificate for either of the two server-side applications. Since version 70, it doesn't seem to do so anymore. It seems to choose a random(?) certificate out of the two which makes one application work, the other one fails with an SSL error: either SSL_ERROR_UNKNOWN_CA_ALERT or SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT.

When selecting *Ask you every time* option, I can select the appropriate certificate and connect to both application. However, it's not remembering the corresponding certificate and after restarting Firefox, it will suggest the first certificate again (which is correct for one application but wrong for the other). This is another indication that Firefox is not able anymore to choose an appropriate certificate when requested by the server.

Did the *Select one automatically* option or underlying certificate selection mechanisms change with version 70?

How exactly is the certificate selection *supposed to work*? Which parameters of the server's certificate request are used to select the appropriate certificate from my local database?

Is there some debug logging I can turn on to further investigate this problem?

Thanks for any ideas!

-Marc

Until version 69, I was happily working with two client certificates for the same server using *Select one automatically* option; Firefox was choosing the correct certificate for either of the two server-side applications. Since version 70, it doesn't seem to do so anymore. It seems to choose a random(?) certificate out of the two which makes one application work, the other one fails with an SSL error: either SSL_ERROR_UNKNOWN_CA_ALERT or SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT. When selecting *Ask you every time* option, I can select the appropriate certificate and connect to both application. However, it's not remembering the corresponding certificate and after restarting Firefox, it will suggest the first certificate again (which is correct for one application but wrong for the other). This is another indication that Firefox is not able anymore to choose an appropriate certificate when requested by the server. Did the *Select one automatically* option or underlying certificate selection mechanisms change with version 70? How exactly is the certificate selection *supposed to work*? Which parameters of the server's certificate request are used to select the appropriate certificate from my local database? Is there some debug logging I can turn on to further investigate this problem? Thanks for any ideas! -Marc
Trích dẫn

Chi tiết hệ thống bổ sung

Phần bổ trợ đã cài đặt

  • Shockwave Flash 32.0 r0

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0

Thông tin chi tiết

Dinushi Dhananjani
  • Top 25 Contributor
4 giải pháp 202 câu trả lời
Được đăng

To clear your SSL session state in Firefox choose History -> Clear Recent History... and then select "Active Logins" and click "Clear Now". Then the next time you connect to your SSL server Firefox will prompt for which certificate to use.

To clear your SSL session state in Firefox choose History -> Clear Recent History... and then select "Active Logins" and click "Clear Now". Then the next time you connect to your SSL server Firefox will prompt for which certificate to use.
Bài viết này có hữu ích với bạn không? 0
Trích dẫn

Người tạo câu hỏi

Unfortunately my problem is exactly the opposite: I don't want to be prompted but Firefox should select the correct certificate automatically.

As written above, to me it seems that something changed (or even broke?) here with Firefox 70.

-Marc

Unfortunately my problem is exactly the opposite: I don't want to be prompted but Firefox should select the correct certificate automatically. As written above, to me it seems that something changed (or even broke?) here with Firefox 70. -Marc
Bài viết này có hữu ích với bạn không?
Trích dẫn
Senali Madawala
  • Top 25 Contributor
2 giải pháp 157 câu trả lời
Được đăng

this is about the user interface and preferences if TLS/SSL is used for client authentication.

may help: https://bugzilla.mozilla.org/show_bug.cgi?id=356060

this is about the user interface and preferences if TLS/SSL is used for client authentication. may help: https://bugzilla.mozilla.org/show_bug.cgi?id=356060
Bài viết này có hữu ích với bạn không? 0
Trích dẫn

Người tạo câu hỏi

Thanks, Senali. Unfortunately I can't see how that applies to my problem.

Thanks, Senali. Unfortunately I can't see how that applies to my problem.
Bài viết này có hữu ích với bạn không?
Trích dẫn

Người tạo câu hỏi

A document related to client certificate selection: https://wiki.mozilla.org/PSM:CertPrompt

A document related to client certificate selection: https://wiki.mozilla.org/PSM:CertPrompt
Bài viết này có hữu ích với bạn không?
Trích dẫn
Đặt một câu hỏi

Bạn phải đăng nhập vào tài khoản của bạn để trả lời bài viết. Vui lòng bắt đầu một câu hỏi mới, nếu bạn chưa có tài khoản.