I have two certificates from "TestCA Certificate Manager" from http://testca.netscape.com Now I go to: https://testca.netscape.com:500/ and Mozilla seems to take and present one of my two certificates automaticlly without asking me if I want to show the cert at all. If a spammer set up a cert login site I would automaticly show me the cert? 20030306
There is a preference to allow you to choose which cert to present during client auth. Edit>Prefs>Privacy>Certificates>Ask Every time. "If spammer set up a cert login site", you would not have a valid cert to present. Your two certs are only valid at https://testca.netscape.com:500/
Version: unspecified → 2.4
I kind of thought that "Select automaticlly" would only do it's thing if there was only one certificate to choose from. When having two certificate that's possible to show I would assume that Mozilla would ask me. Other than that doesn't make sense. And shouldn't the default pref be reverse, so it was set to ask every time?
Mozilla assumes that you want to submit the most recently acquired cert, unless you choose "Ask Every Time". Mozilla is designed with "Select Automatically" the default selection, since most users have only one valid cert to use for Client Auth at each site requiring it.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → WORKSFORME
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.