Closed Bug 426151 Opened 17 years ago Closed 16 years ago

Certificates are requested again for the same site

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: harold.snippe, Assigned: KaiE)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 This bug has been identified on both Mac and Windows (XP) PC's. We are using a monitoring system (Nagios) on a https/SSL protocol, port 443 (server side). Due to the nature of monitoring this needs to refresh every five minutes. As of version 2.0.0.13 Firefox now "randomly" requests to confirm the certificate. On Win MSIE works OK and so does Safari on Mac, so this is not likely to be server related. Also it started to happen after a software update to 2.0.0.13. Reproducible: Always Steps to Reproduce: 1. install a https with auto-refresh on a server 2. connect and confirm certificate 3. wait for a < 20 refreshes; will ask for certicicate again Actual Results: A "is this the correct certificate" dialog box popped up. If confirmed instantly clicking OK would lead to loading the page. But when we were not there immediately the page timed out. Expected Results: Refreshed page without dialog (same page, same certificate)
Assignee: nobody → kengert
Component: General → Security: PSM
Product: Firefox → Core
QA Contact: general → psm
Just wondering: Why not use mail notifications or such in Nagios? Do you accept the cert for this session only or permanently?
We do use mail and sms notifications. In our office though we have some large plasma screens with all statuses of all servers. Since we have a large amount of services to monitor, sysadmins tend to ignore mail notifications. SMS is only for business critical failures. The screens have the nice visual effect that you can easily identify new problem areas. So far for Nagios We do accept certs permanently. In fact there is only one client side cert installed on the work stations that query Nagios. When the certificate dialog pops up it gives us the possibility to select from exactly one certificate. The behavior is like if we'd accept a session cert and then the session expires.
You're talking about client certificates, right? Sounds like session negotiation and "Select one automatically" is turned off for client certificate selection.
Harold, using recent Firefox 2.0.x and Firefox 3.5.x you should see that the user interface includes a "remember this decision" checkbox, that is even checked by default. It will remember the decision for the remainder of your session. This feature is NOT contained in Firefox 3.0.x if I remember correctly. Does this work for you? If you would like to follow the future features of client authentication, you could watch bug 159274 and its dependencies. Closing this one. Please reopen if you disagree.
Status: UNCONFIRMED → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.