This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to configure JSS 4 with Firefox 21.0 to to use with HTTPS client authentication? It´s supposed that JSS allows an applet to access Mozilla user´s cert

  • 2 cavab
  • 6 have this problem
  • 10 views
  • Last reply by arindaml

more options

We are trying to use HTTPS client certificate based authentication to access a Java Applet in Firefox v21.0. We have followed the instructions as per the below two urls to enable JSS 4 -

https://developer.mozilla.org/en-US/docs/JSS/Using_JSS
http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/keystores.html
http://download.java.net/jdk8/docs/technotes/guides/deployment/deployment-guide/keystores.html

We are using JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM in Firefox v21 but we are getting -
security: Accessing keys and certificate in Mozilla user profile: null
security: JSS is not configured

followed by SSK handshake failure when trying to load the client certificate.

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.Alerts.getSSLException(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
 at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
 at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
 at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
 at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source)
 at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source)
 at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source)
 at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source)
 at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source)
 at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source)
 at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source)
 at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source)
 at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source)
 at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source)
 at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
 at java.lang.ClassLoader.loadClass(Unknown Source)
 at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
 at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source)
 at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)

The client cert based authentication is working when using IE v8 and IE v9 with the same JRE version (JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM)

Any help to resolve this issue will be very much appreciated.

We are trying to use HTTPS client certificate based authentication to access a Java Applet in Firefox v21.0. We have followed the instructions as per the below two urls to enable JSS 4 - https://developer.mozilla.org/en-US/docs/JSS/Using_JSS<br /> http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/keystores.html<br /> http://download.java.net/jdk8/docs/technotes/guides/deployment/deployment-guide/keystores.html We are using JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM in Firefox v21 but we are getting - <br /> security: Accessing keys and certificate in Mozilla user profile: null<br /> security: JSS is not configured followed by SSK handshake failure when trying to load the client certificate. <pre><nowiki>javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.Alerts.getSSLException(Unknown Source) at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at sun.plugin.PluginURLJarFileCallBack.connect(Unknown Source) at sun.plugin.PluginURLJarFileCallBack.retrieve(Unknown Source) at sun.net.www.protocol.jar.URLJarFile.retrieve(Unknown Source) at sun.net.www.protocol.jar.URLJarFile.getJarFile(Unknown Source) at sun.net.www.protocol.jar.JarFileFactory.get(Unknown Source) at sun.net.www.protocol.jar.JarURLConnection.connect(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.connect(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFileInternal(Unknown Source) at sun.plugin.net.protocol.jar.CachedJarURLConnection.getJarFile(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.getJarFile(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.access$1000(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath$JarLoader.ensureOpen(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$JarLoader.<init>(Unknown Source) at com.sun.deploy.security.DeployURLClassPath$3.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getLoader(Unknown Source) at com.sun.deploy.security.DeployURLClassPath.getResource(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader$2.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.plugin2.applet.Plugin2ClassLoader.findClassHelper(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.initAppletAdapter(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source)</nowiki></pre> The client cert based authentication is working when using IE v8 and IE v9 with the same JRE version (JRE version 1.7.0_25-b16 Java HotSpot(TM) Client VM) Any help to resolve this issue will be very much appreciated.

Modified by cor-el

All Replies (2)

more options

Hi,

Did you add your client certificate(.pfx) into Firefox Certificate Store/Manager? Google Chrome and IE use the same Certificate Store. Firefox use it's own. File ->Options->Advanced->View Certificates.

Modified by ktest

more options

Thank you for your response. Yes we have added the client certificate file (.pfx) in the Firefox browser Certificate manager / Store. It's also showing the certificate in the View Certificate window. We could not resolve it yet.