לאתר זה תהיה פונקציונליות מוגבלת בזמן שאנו מתחזקים אותו לשיפור החוויה שלך. אם מאמר מסויים לא פותר את הבעיה שלך וברצונך לשאול שאלה, קהילת התמיכה שלנו מחכה לעזור לך ב־Twitter תחת ‎@FirefoxSupport וב־Reddit תחת ‎/r/firefox.

חיפוש בתמיכה

יש להימנע מהונאות תמיכה. לעולם לא נבקש ממך להתקשר או לשלוח הודעת טקסט למספר טלפון או לשתף מידע אישי. נא לדווח על כל פעילות חשודה באמצעות באפשרות ״דיווח על שימוש לרעה״.

מידע נוסף

How can I select a client certificate from a smartcard?

  • 1 תגובה
  • 1 has this problem
  • 737 views
  • תגובה אחרונה מאת andreiconnectis

more options

Hi,

I have a spr532 card reader with a test smartcard with Firefox 50.1.0 on Ubuntu 16.04 up to date. I want to use the client certificate from the device to log in on a website that I am developing.

I also have a test certificate that I generated and it is not on the card. I can log in with the test certificate that I have but not with the one on the card. The problem is that in the "User identification request" page I cannot see the certificate from the smartcard. I can see my generated certificate but not the one on the smartcard. Firefox asks me for the pins for the smartcard (I have two certs on the card and they both have PINs). Firefox sees my certs from the smartcard in about:preferences#advanced > View Certificates > Your Certificates column. I have both the certs on the smartcard and the one I generated in that table. But when I try to log in, Firefox only shows me my generated cert and not the one from the smartcard.

What can I do? How can I debug this? This is a dev environment. I can change any configs on the server so I can decrypt the TLS session and see what is going on between my server and the browser.

PS: I tried to send this message with 2 other email accounts but I do not get the confirmation email.

Thank you!

Hi, I have a spr532 card reader with a test smartcard with Firefox 50.1.0 on Ubuntu 16.04 up to date. I want to use the client certificate from the device to log in on a website that I am developing. I also have a test certificate that I generated and it is not on the card. I can log in with the test certificate that I have but not with the one on the card. The problem is that in the "User identification request" page I cannot see the certificate from the smartcard. I can see my generated certificate but not the one on the smartcard. Firefox asks me for the pins for the smartcard (I have two certs on the card and they both have PINs). Firefox sees my certs from the smartcard in about:preferences#advanced > View Certificates > Your Certificates column. I have both the certs on the smartcard and the one I generated in that table. But when I try to log in, Firefox only shows me my generated cert and not the one from the smartcard. What can I do? How can I debug this? This is a dev environment. I can change any configs on the server so I can decrypt the TLS session and see what is going on between my server and the browser. PS: I tried to send this message with 2 other email accounts but I do not get the confirmation email. Thank you!

פתרון נבחר

HA! I found the fix myself :D

Firefox does not list the client CA in the dropdown because it does not trust it! I imported some other root CAs in my Firefox with the same CN but with different details. After I imported as a trusted CA the CA that signed the client certificate it worked!

If you go to about:preferences#advanced > Your Certificates > select smart card certificate & view. If you see that the certificate is not trusted then you need to import the CA that signed it. Very important: check "Trust this CA to Identify Email Users.". If you did not check this then you need to remove the CA and add it again.

Read this answer in context 👍 1

כל התגובות (1)

more options

פתרון נבחר

HA! I found the fix myself :D

Firefox does not list the client CA in the dropdown because it does not trust it! I imported some other root CAs in my Firefox with the same CN but with different details. After I imported as a trusted CA the CA that signed the client certificate it worked!

If you go to about:preferences#advanced > Your Certificates > select smart card certificate & view. If you see that the certificate is not trusted then you need to import the CA that signed it. Very important: check "Trust this CA to Identify Email Users.". If you did not check this then you need to remove the CA and add it again.