Die Funktionalität dieser Website ist durch Wartungsarbeiten eingeschränkt, die Ihr Erlebnis verbessern sollen. Wenn ein Artikel Ihr Problem nicht löst und Sie eine Frage stellen möchten, können Sie unsere Gemeinschaft über @FirefoxSupport auf Twitter, /r/firefox oder Reddit fragen.

Hilfe durchsuchen

Vorsicht vor Support-Betrug: Wir fordern Sie niemals auf, eine Telefonnummer anzurufen, eine SMS an eine Telefonnummer zu senden oder persönliche Daten preiszugeben. Bitte melden Sie verdächtige Aktivitäten über die Funktion „Missbrauch melden“.

Weitere Informationen

How can I select a client certificate from a smartcard?

more options

Hi,

I have a spr532 card reader with a test smartcard with Firefox 50.1.0 on Ubuntu 16.04 up to date. I want to use the client certificate from the device to log in on a website that I am developing.

I also have a test certificate that I generated and it is not on the card. I can log in with the test certificate that I have but not with the one on the card. The problem is that in the "User identification request" page I cannot see the certificate from the smartcard. I can see my generated certificate but not the one on the smartcard. Firefox asks me for the pins for the smartcard (I have two certs on the card and they both have PINs). Firefox sees my certs from the smartcard in about:preferences#advanced > View Certificates > Your Certificates column. I have both the certs on the smartcard and the one I generated in that table. But when I try to log in, Firefox only shows me my generated cert and not the one from the smartcard.

What can I do? How can I debug this? This is a dev environment. I can change any configs on the server so I can decrypt the TLS session and see what is going on between my server and the browser.

PS: I tried to send this message with 2 other email accounts but I do not get the confirmation email.

Thank you!

Hi, I have a spr532 card reader with a test smartcard with Firefox 50.1.0 on Ubuntu 16.04 up to date. I want to use the client certificate from the device to log in on a website that I am developing. I also have a test certificate that I generated and it is not on the card. I can log in with the test certificate that I have but not with the one on the card. The problem is that in the "User identification request" page I cannot see the certificate from the smartcard. I can see my generated certificate but not the one on the smartcard. Firefox asks me for the pins for the smartcard (I have two certs on the card and they both have PINs). Firefox sees my certs from the smartcard in about:preferences#advanced > View Certificates > Your Certificates column. I have both the certs on the smartcard and the one I generated in that table. But when I try to log in, Firefox only shows me my generated cert and not the one from the smartcard. What can I do? How can I debug this? This is a dev environment. I can change any configs on the server so I can decrypt the TLS session and see what is going on between my server and the browser. PS: I tried to send this message with 2 other email accounts but I do not get the confirmation email. Thank you!

Ausgewählte Lösung

HA! I found the fix myself :D

Firefox does not list the client CA in the dropdown because it does not trust it! I imported some other root CAs in my Firefox with the same CN but with different details. After I imported as a trusted CA the CA that signed the client certificate it worked!

If you go to about:preferences#advanced > Your Certificates > select smart card certificate & view. If you see that the certificate is not trusted then you need to import the CA that signed it. Very important: check "Trust this CA to Identify Email Users.". If you did not check this then you need to remove the CA and add it again.

Diese Antwort im Kontext lesen 👍 1

Alle Antworten (1)

more options

Ausgewählte Lösung

HA! I found the fix myself :D

Firefox does not list the client CA in the dropdown because it does not trust it! I imported some other root CAs in my Firefox with the same CN but with different details. After I imported as a trusted CA the CA that signed the client certificate it worked!

If you go to about:preferences#advanced > Your Certificates > select smart card certificate & view. If you see that the certificate is not trusted then you need to import the CA that signed it. Very important: check "Trust this CA to Identify Email Users.". If you did not check this then you need to remove the CA and add it again.