Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

User Identification Request (Client Certificate) Is Not Remembered

  • 2 antwurd
  • 2 hawwe dit probleem
  • 2 werjeftes
  • Lêste antwurd fan andrew.roth

more options

Hello,

I use several websites that utilize mutual TLS authentication, also known as client certificate authentication. As a developer behind some of these websites, we will frequently launch and relaunch some of these sites to test different changes, so we don't usually bother with getting a properly signed certificate for the site. Developers must add a security exception for accessing the sites, which then prompt for user authentication using client certificates.

The problem I am encountering is that the "Remember this decision" checkbox on the "User Identification Request" does not seem to be working properly. There is one site which makes several connections when the page is first loaded and we have to click "Ok" on the "User Identification Request" about 10 times before the page fully loads. Other sites will randomly prompt for the request again when fetching data. The hostname and port do not change between requests.

I've tried replicating this behavior with a basic Apache httpd server setup with client authentication, but it doesn't seem to happen for the basic site. If this is happening due to a server configuration issue, I would like to know what it is that is causing it so that I can fix it. When using Chrome, this behavior does not happen.

Thank you!

Hello, I use several websites that utilize [https://en.wikipedia.org/wiki/Mutual_authentication mutual TLS authentication], also known as client certificate authentication. As a developer behind some of these websites, we will frequently launch and relaunch some of these sites to test different changes, so we don't usually bother with getting a properly signed certificate for the site. Developers must add a security exception for accessing the sites, which then prompt for user authentication using client certificates. The problem I am encountering is that the "Remember this decision" checkbox on the "User Identification Request" does not seem to be working properly. There is one site which makes several connections when the page is first loaded and we have to click "Ok" on the "User Identification Request" about 10 times before the page fully loads. Other sites will randomly prompt for the request again when fetching data. The hostname and port do not change between requests. I've tried replicating this behavior with a basic Apache httpd server setup with client authentication, but it doesn't seem to happen for the basic site. If this is happening due to a server configuration issue, I would like to know what it is that is causing it so that I can fix it. When using Chrome, this behavior does not happen. Thank you!
Keppele skermôfbyldingen

Alle antwurden (2)

more options

Try to ask advice on a web development oriented forum.

more options

Hello,

Thank you for taking the time to respond. I have searched the MDN documentation and wasn't able to find anything related to client certificate authentication. Unfortunately, I don't believe this to be a web developer issue, but rather an issue with how Firefox is handling connection authentication using client certificates (i.e. mTLS). Chrome and other browsers don't seem to have this issue. Is there a way I can file a bug or open an issue for Firefox itself?

I'm happy to provide additional information on the connection, but not sure what to look for.

Thank you, Andrew

Bewurke troch andrew.roth op