為了改善您的使用體驗,本網站正在進行維護,部分功能暫時無法使用。若本站的文件無法解決您的問題,想要向社群發問的話,請到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 發問,我們的社群成員將很快會回覆您的疑問。

搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

How can I select a client certificate from a smartcard?

more options

Hi,

I have a spr532 card reader with a test smartcard with Firefox 50.1.0 on Ubuntu 16.04 up to date. I want to use the client certificate from the device to log in on a website that I am developing.

I also have a test certificate that I generated and it is not on the card. I can log in with the test certificate that I have but not with the one on the card. The problem is that in the "User identification request" page I cannot see the certificate from the smartcard. I can see my generated certificate but not the one on the smartcard. Firefox asks me for the pins for the smartcard (I have two certs on the card and they both have PINs). Firefox sees my certs from the smartcard in about:preferences#advanced > View Certificates > Your Certificates column. I have both the certs on the smartcard and the one I generated in that table. But when I try to log in, Firefox only shows me my generated cert and not the one from the smartcard.

What can I do? How can I debug this? This is a dev environment. I can change any configs on the server so I can decrypt the TLS session and see what is going on between my server and the browser.

PS: I tried to send this message with 2 other email accounts but I do not get the confirmation email.

Thank you!

Hi, I have a spr532 card reader with a test smartcard with Firefox 50.1.0 on Ubuntu 16.04 up to date. I want to use the client certificate from the device to log in on a website that I am developing. I also have a test certificate that I generated and it is not on the card. I can log in with the test certificate that I have but not with the one on the card. The problem is that in the "User identification request" page I cannot see the certificate from the smartcard. I can see my generated certificate but not the one on the smartcard. Firefox asks me for the pins for the smartcard (I have two certs on the card and they both have PINs). Firefox sees my certs from the smartcard in about:preferences#advanced > View Certificates > Your Certificates column. I have both the certs on the smartcard and the one I generated in that table. But when I try to log in, Firefox only shows me my generated cert and not the one from the smartcard. What can I do? How can I debug this? This is a dev environment. I can change any configs on the server so I can decrypt the TLS session and see what is going on between my server and the browser. PS: I tried to send this message with 2 other email accounts but I do not get the confirmation email. Thank you!

被選擇的解決方法

HA! I found the fix myself :D

Firefox does not list the client CA in the dropdown because it does not trust it! I imported some other root CAs in my Firefox with the same CN but with different details. After I imported as a trusted CA the CA that signed the client certificate it worked!

If you go to about:preferences#advanced > Your Certificates > select smart card certificate & view. If you see that the certificate is not trusted then you need to import the CA that signed it. Very important: check "Trust this CA to Identify Email Users.". If you did not check this then you need to remove the CA and add it again.

從原來的回覆中察看解決方案 👍 1

所有回覆 (1)

more options

選擇的解決方法

HA! I found the fix myself :D

Firefox does not list the client CA in the dropdown because it does not trust it! I imported some other root CAs in my Firefox with the same CN but with different details. After I imported as a trusted CA the CA that signed the client certificate it worked!

If you go to about:preferences#advanced > Your Certificates > select smart card certificate & view. If you see that the certificate is not trusted then you need to import the CA that signed it. Very important: check "Trust this CA to Identify Email Users.". If you did not check this then you need to remove the CA and add it again.