Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

How can I select a client certificate from a smartcard?

more options

Hi,

I have a spr532 card reader with a test smartcard with Firefox 50.1.0 on Ubuntu 16.04 up to date. I want to use the client certificate from the device to log in on a website that I am developing.

I also have a test certificate that I generated and it is not on the card. I can log in with the test certificate that I have but not with the one on the card. The problem is that in the "User identification request" page I cannot see the certificate from the smartcard. I can see my generated certificate but not the one on the smartcard. Firefox asks me for the pins for the smartcard (I have two certs on the card and they both have PINs). Firefox sees my certs from the smartcard in about:preferences#advanced > View Certificates > Your Certificates column. I have both the certs on the smartcard and the one I generated in that table. But when I try to log in, Firefox only shows me my generated cert and not the one from the smartcard.

What can I do? How can I debug this? This is a dev environment. I can change any configs on the server so I can decrypt the TLS session and see what is going on between my server and the browser.

PS: I tried to send this message with 2 other email accounts but I do not get the confirmation email.

Thank you!

Hi, I have a spr532 card reader with a test smartcard with Firefox 50.1.0 on Ubuntu 16.04 up to date. I want to use the client certificate from the device to log in on a website that I am developing. I also have a test certificate that I generated and it is not on the card. I can log in with the test certificate that I have but not with the one on the card. The problem is that in the "User identification request" page I cannot see the certificate from the smartcard. I can see my generated certificate but not the one on the smartcard. Firefox asks me for the pins for the smartcard (I have two certs on the card and they both have PINs). Firefox sees my certs from the smartcard in about:preferences#advanced > View Certificates > Your Certificates column. I have both the certs on the smartcard and the one I generated in that table. But when I try to log in, Firefox only shows me my generated cert and not the one from the smartcard. What can I do? How can I debug this? This is a dev environment. I can change any configs on the server so I can decrypt the TLS session and see what is going on between my server and the browser. PS: I tried to send this message with 2 other email accounts but I do not get the confirmation email. Thank you!

Keazen oplossing

HA! I found the fix myself :D

Firefox does not list the client CA in the dropdown because it does not trust it! I imported some other root CAs in my Firefox with the same CN but with different details. After I imported as a trusted CA the CA that signed the client certificate it worked!

If you go to about:preferences#advanced > Your Certificates > select smart card certificate & view. If you see that the certificate is not trusted then you need to import the CA that signed it. Very important: check "Trust this CA to Identify Email Users.". If you did not check this then you need to remove the CA and add it again.

Dit antwurd yn kontekst lêze 👍 1

Alle antwurden (1)

more options

Keazen oplossing

HA! I found the fix myself :D

Firefox does not list the client CA in the dropdown because it does not trust it! I imported some other root CAs in my Firefox with the same CN but with different details. After I imported as a trusted CA the CA that signed the client certificate it worked!

If you go to about:preferences#advanced > Your Certificates > select smart card certificate & view. If you see that the certificate is not trusted then you need to import the CA that signed it. Very important: check "Trust this CA to Identify Email Users.". If you did not check this then you need to remove the CA and add it again.