We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

cannot make Firefox load client cert from MacOS keychain

  • 1 reply
  • 1 has this problem
  • 1 view
  • Last reply by Scott

more options

I am trying to get Firefox to load client certificates from a user's MacOS login keychain to support Mutual TLS. According to this Mozilla Security blog post I *should* be able to set 'security.osclientcerts.autoload' to 'true' in Firefox 75 or later, but I have not been able to make this work.

I am testing this on MacOS 10.15.5 Beta, with Firefox 76.0.1 (64-bit). I have imported a client certificate into my user's login keychain, and have confirmed that I can access a website that requires client certificates using Safari and that certificate.

I have set 'security.osclientcerts.autoload' to 'true' in my browser's configuration preferences, but when I attempt to browse to the website the connection fails with 'SSL_ERROR_HANDSHAKE_FAILURE_ALERT'. I have also tried creating a 'user.js' preferences file, but it did not help:

% cat user.js user_pref("security.default_personal_cert", "Select Automatically");

I very much need to make this work, and would appreciate any information about other configuration steps I need to take, or things I have missed.

I am trying to get Firefox to load client certificates from a user's MacOS login keychain to support Mutual TLS. According to [https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/ this Mozilla Security blog post] I *should* be able to set 'security.osclientcerts.autoload' to 'true' in Firefox 75 or later, but I have not been able to make this work. I am testing this on MacOS 10.15.5 Beta, with Firefox 76.0.1 (64-bit). I have imported a client certificate into my user's login keychain, and have confirmed that I can access a website that requires client certificates using Safari and that certificate. I have set 'security.osclientcerts.autoload' to 'true' in my browser's configuration preferences, but when I attempt to browse to the website the connection fails with 'SSL_ERROR_HANDSHAKE_FAILURE_ALERT'. I have also tried creating a 'user.js' preferences file, but it did not help: % cat user.js user_pref("security.default_personal_cert", "Select Automatically"); I very much need to make this work, and would appreciate any information about other configuration steps I need to take, or things I have missed.

All Replies (1)

more options

FWIW: I filed bug 1637374 for this issue.