This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

selecting client cert automatically does not work

more options

If you have several client certs (from the same issuer) with different email addresses installed, Firefox always takes the one with the lowest serial number. Firefox lacks the capability to store information which client cert to use for a web site. Other browsers can do this by selecting the certificate the first time it is requested and remembering the choice. Firefox's 'ask every time' option only caches for the session. So how do I solve this?

If you have several client certs (from the same issuer) with different email addresses installed, Firefox always takes the one with the lowest serial number. Firefox lacks the capability to store information which client cert to use for a web site. Other browsers can do this by selecting the certificate the first time it is requested and remembering the choice. Firefox's 'ask every time' option only caches for the session. So how do I solve this?

All Replies (6)

more options

Hi, This is probably to protect your security. At Mozilla, we pride our selves at being one of the most security conscious browsers.

more options

What do you mean by 'probably'? This is just an excuse for a lack of functionality.

What is the difference in picking one automatically vs. having a lookup table? There is no security issue here unless you screw up the implementation.

Modified by Helmut K. C. Tessarek

more options

Hi, I'll quite happily file a feature request on your behalf. Please remember I am a volunteer, and I don't know everything about Firefox. Please feel free to file a feature request on our bug tracking system. If you'd rather, I'll happily file on your behalf, with your permission.

more options

Thanks, I've already opened a bug report ( https://bugzilla.mozilla.org/show_bug.cgi?id=753017 ). This is actually a bug and not a feature request, because FF picks the one with the lowest SN, if there are more than just one. I don't think they will work on it though. I saw a report from 2001 where someone posted in 2006 that he will add this and that to the client cert component. If this had been done, my problem would not have happened in the first place.

Modified by Helmut K. C. Tessarek

more options

Sorry for late reply, I can moan if they won't help you

more options

Yes, please.

I haven't received anything yet. Nobody even looked at it. If you can do something, please do.