Client certificate-based authentication results in HTTP 403.7

RESOLVED INCOMPLETE

Status

()

Core
Security: PSM
--
major
RESOLVED INCOMPLETE
11 years ago
2 years ago

People

(Reporter: Andrey ``Bass'' Shcheglov, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

11 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070509 SeaMonkey/1.1.2
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20070509 SeaMonkey/1.1.2

Whenever I try to connect to a site which requires an X.509 certificate-based authentication (assuming  I do have such a certificate), I get a HTTP 403.7 error.

The first example to give is a WebMoney site (see URL).

This is not caused by a certificate which is expired etc., for the same cert-based auth does work in Opera (9.21, Linux-IA32).

Mozilla versions tested are SeaMonkey 1.1.1 and SeaMonkey 1.1.2.
Nothing is known about Firefox.

Reproducible: Always




Several people over the internet have the same problem:
http://lists.altlinux.org/pipermail/sisyphus/2006-September/087166.html (in Russian),
http://forums.mozillazine.org/viewtopic.php?t=560508.

Comment 1

11 years ago
I can't read russian.

It would be helpful if you could use the ssltap utility to produce a trace of the SSL handshake between the SSL server and the SSL client (your browser).

You might also want to produce an human readable dump of your cert
(Reporter)

Comment 2

11 years ago
> I can't read russian.

Not ever I would force you to :)
I just mentioned it to point out I'm not the only person experiencing this problem. The second link is in English, BTW.

I'll play with ssltap once I get a spare minute and get back to you with the results.

Comment 3

8 years ago
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody.
Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.