Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

User Identification Request (Client Certificate) Is Not Remembered

  • 2 réponses
  • 2 ont ce problème
  • 2 vues
  • Dernière réponse par andrew.roth

more options

Hello,

I use several websites that utilize mutual TLS authentication, also known as client certificate authentication. As a developer behind some of these websites, we will frequently launch and relaunch some of these sites to test different changes, so we don't usually bother with getting a properly signed certificate for the site. Developers must add a security exception for accessing the sites, which then prompt for user authentication using client certificates.

The problem I am encountering is that the "Remember this decision" checkbox on the "User Identification Request" does not seem to be working properly. There is one site which makes several connections when the page is first loaded and we have to click "Ok" on the "User Identification Request" about 10 times before the page fully loads. Other sites will randomly prompt for the request again when fetching data. The hostname and port do not change between requests.

I've tried replicating this behavior with a basic Apache httpd server setup with client authentication, but it doesn't seem to happen for the basic site. If this is happening due to a server configuration issue, I would like to know what it is that is causing it so that I can fix it. When using Chrome, this behavior does not happen.

Thank you!

Hello, I use several websites that utilize [https://en.wikipedia.org/wiki/Mutual_authentication mutual TLS authentication], also known as client certificate authentication. As a developer behind some of these websites, we will frequently launch and relaunch some of these sites to test different changes, so we don't usually bother with getting a properly signed certificate for the site. Developers must add a security exception for accessing the sites, which then prompt for user authentication using client certificates. The problem I am encountering is that the "Remember this decision" checkbox on the "User Identification Request" does not seem to be working properly. There is one site which makes several connections when the page is first loaded and we have to click "Ok" on the "User Identification Request" about 10 times before the page fully loads. Other sites will randomly prompt for the request again when fetching data. The hostname and port do not change between requests. I've tried replicating this behavior with a basic Apache httpd server setup with client authentication, but it doesn't seem to happen for the basic site. If this is happening due to a server configuration issue, I would like to know what it is that is causing it so that I can fix it. When using Chrome, this behavior does not happen. Thank you!
Captures d’écran jointes

Toutes les réponses (2)

more options

Try to ask advice on a web development oriented forum.

more options

Hello,

Thank you for taking the time to respond. I have searched the MDN documentation and wasn't able to find anything related to client certificate authentication. Unfortunately, I don't believe this to be a web developer issue, but rather an issue with how Firefox is handling connection authentication using client certificates (i.e. mTLS). Chrome and other browsers don't seem to have this issue. Is there a way I can file a bug or open an issue for Firefox itself?

I'm happy to provide additional information on the connection, but not sure what to look for.

Thank you, Andrew

Modifié le par andrew.roth