Closed Bug 1608057 Opened 5 years ago Closed 5 years ago

Firefox v72 and self signed client certificates - Problem with expiration date


(Core :: Security: PSM, defect)

72 Branch
Not set



Tracking Status
firefox72 --- affected


(Reporter: it.comodoro, Unassigned)



User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Steps to reproduce:

We have a self signed client certificate installed on client pcs to authenticate access to our apache server.

Actual results:

It worked fine on Firefox 71 but when upgrading to version 72, clients are getting SSL_ERROR_EXPIRED_CERT_ALERT.
Firefox shows correctly the certificate, the expiration date is 12/6/2029, 5:32:05 PM (Argentina Standard Time), but it seems that is not sending it correctly to the server.

Expected results:

Certificate is not expired, so it should be accepted.

According to this comment [] this issue occurs only on firefox 72.

In other notes, a test certificate is needed, or a method to create one along with detailed steps to reproduce in order to confirm it properly.

Has STR: --- → no
See Also: → 1601227

Can you attach a packet trace of the TLS handshake in 71 and 72? Thanks!

Flags: needinfo?(it.comodoro)

ok Dana, let me see how I can do this. Thank you for your answer.

Flags: needinfo?(it.comodoro)

Well inspecting the packages revealed that there is a problem with our CA certificate that happened at the same time pcs were upgrading to version 72, so it is NOT a Firefox issue. I am closing this bug resolving it as Invalid.
Thank you for your answers.

Closed: 5 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.