Closed Bug 1662607 Opened 4 years ago Closed 4 years ago

Firefox doesn't prompt for client certificate with Mutual TLS

Categories

(Core :: Security: PSM, defect)

80 Branch
defect

RESOLVED INCOMPLETE

People

(Reporter: joaquin, Unassigned)

Details

Attachments

(2 files)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

  1. Create self-signed certificate/key, server cert/key, client cert/key
  2. Convert client cert/key to .p12 format, with password of password
    openssl pkcs12 -export \
    -out laptopuser.p12 \
    -in tls/client.laptopuser.crt \
    -inkey tls/client.laptopuser.key
    
  3. Import ca.crt into browser, i.e. Settings -> Privacy and Security -> Security -> Manage Certificates -> Authorities
  4. Import client cert laptopuser.p12 into browser, i.e. Preferences -> Privacy & Security -> View Certificates -> Your Certificates
  5. Connect to web services with https://localhost:8080

Have explicit tests, tools, etc. to automate reproducing this:

Actual results:

I am not able to connect to the web service and I am not prompted to use the client certificate.

Expected results:

I would be prompted to select a client certificate when I try to connect to the service requiring Mutual TLS.

This works fine under Chrome with KeyChain stored Root CA and client cert. I can also verify this works with curl when specifying the client certificate from the command line.
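
Steps 1 and 2 of the report, scripted with a sanity check of the client certificate and the PKCS#12 bundle before they are imported into a browser. This is an added example, not the reporter's or Mozilla's own commands; the subject names, key size, validity period and the `pki.cnf` file are assumptions, while the `tls/client.laptopuser.*` and `laptopuser.p12` names follow the report.

```shell
#!/bin/sh
# Added example: throwaway CA, server and client certificates for an mTLS test.
# Assumed: subject names, RSA-2048, 30-day validity, pki.cnf. File names follow the report.
set -e

build_mtls_fixtures() (   # $1 = working directory
  mkdir -p "$1/tls"
  cd "$1"
  cat > tls/pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:localhost
[client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  openssl req -x509 -config tls/pki.cnf -extensions ca -newkey rsa:2048 -nodes \
    -keyout tls/ca.key -out tls/ca.crt -days 30 -subj "/CN=Test mTLS CA" 2>/dev/null
  for leaf in server client.laptopuser; do   # section name = text before the first dot
    openssl req -new -config tls/pki.cnf -newkey rsa:2048 -nodes \
      -keyout "tls/$leaf.key" -out "tls/$leaf.csr" -subj "/CN=${leaf#client.}" 2>/dev/null
    openssl x509 -req -in "tls/$leaf.csr" -CA tls/ca.crt -CAkey tls/ca.key \
      -CAcreateserial -extfile tls/pki.cnf -extensions "${leaf%%.*}" -days 30 \
      -out "tls/$leaf.crt" 2>/dev/null
  done
  # Step 2 of the report, with the password supplied non-interactively.
  openssl pkcs12 -export -out laptopuser.p12 -in tls/client.laptopuser.crt \
    -inkey tls/client.laptopuser.key -passout pass:password
)

cert_fp() { openssl x509 -noout -fingerprint -sha256 "$@"; }   # -in FILE, or PEM on stdin

check_client_identity() (   # $1 = working directory; returns 0 if the bundle is consistent
  cd "$1" || exit 1
  # The client certificate must chain to the CA and be acceptable for TLS client auth.
  openssl verify -CAfile tls/ca.crt -purpose sslclient tls/client.laptopuser.crt >/dev/null 2>&1 || exit 1
  # The certificate inside the .p12 must be the same one that was verified above.
  in_p12=$(openssl pkcs12 -in laptopuser.p12 -passin pass:password -nokeys 2>/dev/null | cert_fp) || exit 1
  [ -n "$in_p12" ] && [ "$in_p12" = "$(cert_fp -in tls/client.laptopuser.crt)" ]
)

work=$(mktemp -d)
build_mtls_fixtures "$work"
check_client_identity "$work" && echo "client identity OK: $work/laptopuser.p12"
```
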

Bugbug thinks this bug should belong to this component, but please revert this change in case of error.

Component: Untriaged → Security: PSM
Product: Firefox → Core

Can you attach the client certificate and CA certificate to this bug? Thanks! (no need for the key)

Flags: needinfo?(joaquin)
Flags: needinfo?(joaquin)

Thanks. Can you run Firefox with the environment variable MOZ_LOG set to pipnss:4, try to connect to that site, and attach the output that results from that here?

Flags: needinfo?(joaquin)
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → INCOMPLETE

Let me try these things, and follow up before closing.

Flags: needinfo?(joaquin)