Geek Answers Handbook

Client Certificates and Firefox

I need help to understand what is happening with my web application. I have a simple web application (C # .Net 2.0) using smart card authentication. In my test field (win 2k3 32 bits, iis6) everything works fine, but in my production box (win2k3 64 bits, iis6) firefox cannot send the certificate located on the map to the server (Request.ClientCertificate collection is empty). If I try to browse the same site with IE (6, 7 and 8) or Safari, it will work.

The IIS configuration on both servers is the same: the same ssl certificates, the same CTL. I read a lot about firefox issues with certificates, but none of them match mine.

If any of you can make it clear what is happening, I will be very grateful.

Glauco.

+4
source share
2 answers

You run Firefox on the same computer (and therefore the difference is 64/32 bit) or both times on the same client computer (I would assume that it is 32 bits) and it does not work for you when the server is different (64 bit)?

Does Firefox observe the certificate (Preferences → Advanced → Encryption → “View certificates → My certificates” and “Security devices”)? Turn on Ask Every Time to select a certificate and make sure Firefox is really trying to use the map.

What card (manufacturer, type) and software (PKCS provider No. 11) do you use?

+1
source

Disclaimer: This is based only on my own observations.

Starting with version 22.0, Firefox will not present a client certificate at all if the CN ("common name") certificate field of the server certificate is a DNS name but does not match the host it is talking to (ie the host name in the URL string )

If you think this may be your problem, you can test it either by making sure that the host you are requesting is the one in the CN field of the server’s certificate, or by providing a self-signed certificate with a dumb value like “Jim Bob” in the CN field .

+1
source

More articles:


All Articles