搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

Learn More

Firefox using an expired certificate instead of a current one to authenticate access to a secured website

  • 1 个回答
  • 0 人有此问题
  • 6 次查看
  • 最后回复者为 furd

more options

I work at MIT, where personal certificates are issued by MIT to control access to restricted websites and campus resources.

The certificates expire after a year and have to be renewed.

For all of 2022, my Firefox correctly used my 2022 certificate to access websites, even though I also had expired 2020 and 2021 certificates stored and listed in the Certificate Manager.

Our 2022 certificates expired on July 31. I already had installed my 2023 certificate in the Certificate Manager, where it is presently listed. HOWEVER, Firefox seems to be offered up the expired certificate to all my MIT websites, despite the fact it's expired.

I have tried removing my "Active Logins" in the History:Clear Recent History... dialog, but that makes no difference.

There ought to be some way to instruct Firefox NOT to automatically pick what it used to use, and use something new, but I cannot figure out how to force such a thing.

Ideas?

I work at MIT, where personal certificates are issued by MIT to control access to restricted websites and campus resources. The certificates expire after a year and have to be renewed. For all of 2022, my Firefox correctly used my 2022 certificate to access websites, even though I also had expired 2020 and 2021 certificates stored and listed in the Certificate Manager. Our 2022 certificates expired on July 31. I already had installed my 2023 certificate in the Certificate Manager, where it is presently listed. HOWEVER, Firefox seems to be offered up the expired certificate to all my MIT websites, despite the fact it's expired. I have tried removing my "Active Logins" in the History:Clear Recent History... dialog, but that makes no difference. There ought to be some way to instruct Firefox NOT to automatically pick what it used to use, and use something new, but I cannot figure out how to force such a thing. Ideas?

所有回复 (1)

more options

Nevermind -- MIT supplies a tool that helps us with this that has taken care of it - it "updates" our identity preferences AFTER asking us to specify the correct certificate from the Keychain

However, I can imagine that others without that infrastructure might want to know the answer to this.