Firefox v72 and self signed client certificates - Problem with expiration date
Categories
(Core :: Security: PSM, defect)
Tracking
()
Tracking | Status | |
---|---|---|
firefox72 | --- | affected |
People
(Reporter: it.comodoro, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Steps to reproduce:
We have a self signed client certificate installed on client pcs to authenticate access to our apache server.
Actual results:
It worked fine on Firefox 71 but when upgrading to version 72, clients are getting SSL_ERROR_EXPIRED_CERT_ALERT.
Firefox shows correctly the certificate, the expiration date is 12/6/2029, 5:32:05 PM (Argentina Standard Time), but it seems that is not sending it correctly to the server.
Expected results:
Certificate is not expired, so it should be accepted.
Comment 1•5 years ago
|
||
According to this comment [https://bugzilla.mozilla.org/show_bug.cgi?id=1601227#c35] this issue occurs only on firefox 72.
In other notes, a test certificate is needed, or a method to create one along with detailed steps to reproduce in order to confirm it properly.
Comment 2•5 years ago
|
||
Can you attach a packet trace of the TLS handshake in 71 and 72? Thanks!
ok Dana, let me see how I can do this. Thank you for your answer.
Well inspecting the packages revealed that there is a problem with our CA certificate that happened at the same time pcs were upgrading to version 72, so it is NOT a Firefox issue. I am closing this bug resolving it as Invalid.
Thank you for your answers.
Description
•