Closed Bug 1608057 Opened 5 years ago Closed 5 years ago

Firefox v72 and self signed client certificates - Problem with expiration date

Categories

(Core :: Security: PSM, defect)

72 Branch
defect
Not set
normal

Tracking

()

RESOLVED INVALID
Tracking Status
firefox72 --- affected

People

(Reporter: it.comodoro, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Steps to reproduce:

We have a self signed client certificate installed on client pcs to authenticate access to our apache server.

Actual results:

It worked fine on Firefox 71 but when upgrading to version 72, clients are getting SSL_ERROR_EXPIRED_CERT_ALERT.
Firefox shows correctly the certificate, the expiration date is 12/6/2029, 5:32:05 PM (Argentina Standard Time), but it seems that is not sending it correctly to the server.

Expected results:

Certificate is not expired, so it should be accepted.

According to this comment [https://bugzilla.mozilla.org/show_bug.cgi?id=1601227#c35] this issue occurs only on firefox 72.

In other notes, a test certificate is needed, or a method to create one along with detailed steps to reproduce in order to confirm it properly.

Has STR: --- → no
See Also: → 1601227

Can you attach a packet trace of the TLS handshake in 71 and 72? Thanks!

Flags: needinfo?(it.comodoro)

ok Dana, let me see how I can do this. Thank you for your answer.

Flags: needinfo?(it.comodoro)

Well inspecting the packages revealed that there is a problem with our CA certificate that happened at the same time pcs were upgrading to version 72, so it is NOT a Firefox issue. I am closing this bug resolving it as Invalid.
Thank you for your answers.

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.