Firefox doesn't prompt for client certificate with Mutual TLS
Categories
(Core :: Security: PSM, defect)
People
(Reporter: joaquin, Unassigned)
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0
Steps to reproduce:
- Create self-signed certificate/key, server cert/key, client cert/key
- Convert client cert/key to .p12 format, with password of `password`

  ```
  openssl pkcs12 -export \
    -out laptopuser.p12 \
    -in tls/client.laptopuser.crt \
    -inkey tls/client.laptopuser.key
  ```
- Import `ca.crt` into browser, i.e. Settings -> Privacy and Security -> Security -> Manage Certificates -> Authorities
- Import client cert `laptopuser.p12` into browser, i.e. Preferences -> Privacy & Security -> View Certificates -> Your Certificates
- Connect to web services with https://localhost:8080
Have explicit tests, tools, etc. to automate reproducing this:
Actual results:
I am not able to connect to the web service and I am not prompted to use the client certificate.
Expected results:
I would be prompted to select a client certificate when I try to connect to the service requiring Mutual TLS.
This works fine under Chrome with KeyChain stored Root CA and client cert. I can also verify this works with curl when specifying the client certificate from the command line.
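A sanity check on the material produced by the steps above, as an added example that is not part of the original report: it rebuilds the CA, client certificate and .p12 with the report's file names, then confirms that the client certificate verifies against ca.crt and that the bundle holds that certificate together with a private key. Subject names, key size and validity period are assumptions, and the server certificate is left out.

```shell
#!/bin/sh
# Added example, not from the bug report. File names follow the report's steps;
# subject names, key size and validity period are assumptions.

make_pki() {  # $1 = empty working directory
  ( cd "$1" && mkdir -p tls &&
    # Self-signed CA certificate and key
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt 2>/dev/null &&
    # Client key and CSR, then a client certificate signed by that CA
    openssl req -newkey rsa:2048 -nodes -subj "/CN=laptopuser" \
      -keyout tls/client.laptopuser.key -out client.csr 2>/dev/null &&
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -days 30 -out tls/client.laptopuser.crt 2>/dev/null &&
    # Export command from the report, with the password passed inline
    openssl pkcs12 -export -out laptopuser.p12 -passout pass:password \
      -in tls/client.laptopuser.crt -inkey tls/client.laptopuser.key )
}

# Succeeds if certificate $2 verifies against CA certificate $1.
chains_to_ca() {
  openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

fingerprint() {  # SHA-256 fingerprint of the PEM certificate on stdin
  openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# Succeeds if bundle $1 (password $2) holds certificate $3 and a private key.
p12_matches() {
  in_p12=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
             2>/dev/null | fingerprint) || return 1
  [ "$in_p12" = "$(fingerprint < "$3")" ] || return 1
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q "PRIVATE KEY"
}

check_pki() {  # $1 = directory produced by make_pki
  chains_to_ca "$1/ca.crt" "$1/tls/client.laptopuser.crt" ||
    { echo "chain: FAIL"; return 1; }
  p12_matches "$1/laptopuser.p12" password "$1/tls/client.laptopuser.crt" ||
    { echo "p12: FAIL"; return 1; }
  echo "chain: ok, p12: ok"
}

dir=$(mktemp -d) && make_pki "$dir" && check_pki "$dir"
rm -rf "$dir"
```

To check existing files instead of freshly generated ones, call `chains_to_ca` and `p12_matches` directly with their paths.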
Comment 1•5 years ago
Bugbug thinks this bug should belong to this component, but please revert this change in case of error.
Comment 2•5 years ago
Can you attach the client certificate and CA certificate to this bug? Thanks! (no need for the key)
Comment 5•5 years ago
Thanks. Can you run Firefox with the environment variable MOZ_LOG set to pipnss:4, try to connect to that site, and attach the output that results from that here?
Updated•5 years ago
Let me try these things, and follow up before closing.