We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

selecting client cert automatically does not work

more options

If you have several client certs (from the same issuer) with different email addresses installed, Firefox always takes the one with the lowest serial number. Firefox lacks the capability to store information which client cert to use for a web site. Other browsers can do this by selecting the certificate the first time it is requested and remembering the choice. Firefox's 'ask every time' option only caches for the session. So how do I solve this?

If you have several client certs (from the same issuer) with different email addresses installed, Firefox always takes the one with the lowest serial number. Firefox lacks the capability to store information which client cert to use for a web site. Other browsers can do this by selecting the certificate the first time it is requested and remembering the choice. Firefox's 'ask every time' option only caches for the session. So how do I solve this?

All Replies (6)

more options

Hi, This is probably to protect your security. At Mozilla, we pride our selves at being one of the most security conscious browsers.

more options

What do you mean by 'probably'? This is just an excuse for a lack of functionality.

What is the difference in picking one automatically vs. having a lookup table? There is no security issue here unless you screw up the implementation.

Athraithe ag Helmut K. C. Tessarek ar

more options

Hi, I'll quite happily file a feature request on your behalf. Please remember I am a volunteer, and I don't know everything about Firefox. Please feel free to file a feature request on our bug tracking system. If you'd rather, I'll happily file on your behalf, with your permission.

more options

Thanks, I've already opened a bug report ( https://bugzilla.mozilla.org/show_bug.cgi?id=753017 ). This is actually a bug and not a feature request, because FF picks the one with the lowest SN, if there are more than just one. I don't think they will work on it though. I saw a report from 2001 where someone posted in 2006 that he will add this and that to the client cert component. If this had been done, my problem would not have happened in the first place.

Athraithe ag Helmut K. C. Tessarek ar

more options

Sorry for late reply, I can moan if they won't help you

more options

Yes, please.

I haven't received anything yet. Nobody even looked at it. If you can do something, please do.