Mozilla VPN is currently experiencing an outage. Our team is actively working to resolve the issue. Please check the status page for real-time updates. Thank you for your patience.

Przeszukaj pomoc

Unikaj oszustw związanych z pomocą.Nigdy nie będziemy prosić Cię o dzwonienie na numer telefonu, wysyłanie SMS-ów ani o udostępnianie danych osobowych. Zgłoś podejrzaną aktywność, korzystając z opcji „Zgłoś nadużycie”.

Więcej informacji

User Identification Request (Client Certificate) Is Not Remembered

  • 2 odpowiedzi
  • 2 osoby mają ten problem
  • 2 wyświetlenia
  • Ostatnia odpowiedź od andrew.roth

more options

Hello,

I use several websites that utilize mutual TLS authentication, also known as client certificate authentication. As a developer behind some of these websites, we will frequently launch and relaunch some of these sites to test different changes, so we don't usually bother with getting a properly signed certificate for the site. Developers must add a security exception for accessing the sites, which then prompt for user authentication using client certificates.

The problem I am encountering is that the "Remember this decision" checkbox on the "User Identification Request" does not seem to be working properly. There is one site which makes several connections when the page is first loaded and we have to click "Ok" on the "User Identification Request" about 10 times before the page fully loads. Other sites will randomly prompt for the request again when fetching data. The hostname and port do not change between requests.

I've tried replicating this behavior with a basic Apache httpd server setup with client authentication, but it doesn't seem to happen for the basic site. If this is happening due to a server configuration issue, I would like to know what it is that is causing it so that I can fix it. When using Chrome, this behavior does not happen.

Thank you!

Hello, I use several websites that utilize [https://en.wikipedia.org/wiki/Mutual_authentication mutual TLS authentication], also known as client certificate authentication. As a developer behind some of these websites, we will frequently launch and relaunch some of these sites to test different changes, so we don't usually bother with getting a properly signed certificate for the site. Developers must add a security exception for accessing the sites, which then prompt for user authentication using client certificates. The problem I am encountering is that the "Remember this decision" checkbox on the "User Identification Request" does not seem to be working properly. There is one site which makes several connections when the page is first loaded and we have to click "Ok" on the "User Identification Request" about 10 times before the page fully loads. Other sites will randomly prompt for the request again when fetching data. The hostname and port do not change between requests. I've tried replicating this behavior with a basic Apache httpd server setup with client authentication, but it doesn't seem to happen for the basic site. If this is happening due to a server configuration issue, I would like to know what it is that is causing it so that I can fix it. When using Chrome, this behavior does not happen. Thank you!
Załączone zrzuty ekranu

Wszystkie odpowiedzi (2)

more options

Try to ask advice on a web development oriented forum.

more options

Hello,

Thank you for taking the time to respond. I have searched the MDN documentation and wasn't able to find anything related to client certificate authentication. Unfortunately, I don't believe this to be a web developer issue, but rather an issue with how Firefox is handling connection authentication using client certificates (i.e. mTLS). Chrome and other browsers don't seem to have this issue. Is there a way I can file a bug or open an issue for Firefox itself?

I'm happy to provide additional information on the connection, but not sure what to look for.

Thank you, Andrew

Zmodyfikowany przez andrew.roth w dniu