Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Firefox using an expired certificate instead of a current one to authenticate access to a secured website

  • 1 reply
  • 0 have this problem
  • 1 view
  • Last reply by furd

more options

I work at MIT, where personal certificates are issued by MIT to control access to restricted websites and campus resources.

The certificates expire after a year and have to be renewed.

For all of 2022, my Firefox correctly used my 2022 certificate to access websites, even though I also had expired 2020 and 2021 certificates stored and listed in the Certificate Manager.

Our 2022 certificates expired on July 31. I already had installed my 2023 certificate in the Certificate Manager, where it is presently listed. HOWEVER, Firefox seems to be offered up the expired certificate to all my MIT websites, despite the fact it's expired.

I have tried removing my "Active Logins" in the History:Clear Recent History... dialog, but that makes no difference.

There ought to be some way to instruct Firefox NOT to automatically pick what it used to use, and use something new, but I cannot figure out how to force such a thing.

Ideas?

I work at MIT, where personal certificates are issued by MIT to control access to restricted websites and campus resources. The certificates expire after a year and have to be renewed. For all of 2022, my Firefox correctly used my 2022 certificate to access websites, even though I also had expired 2020 and 2021 certificates stored and listed in the Certificate Manager. Our 2022 certificates expired on July 31. I already had installed my 2023 certificate in the Certificate Manager, where it is presently listed. HOWEVER, Firefox seems to be offered up the expired certificate to all my MIT websites, despite the fact it's expired. I have tried removing my "Active Logins" in the History:Clear Recent History... dialog, but that makes no difference. There ought to be some way to instruct Firefox NOT to automatically pick what it used to use, and use something new, but I cannot figure out how to force such a thing. Ideas?

All Replies (1)

more options

Nevermind -- MIT supplies a tool that helps us with this that has taken care of it - it "updates" our identity preferences AFTER asking us to specify the correct certificate from the Keychain

However, I can imagine that others without that infrastructure might want to know the answer to this.