We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Pesquisar no site de suporte

Evite golpes de suporte. Nunca pedimos que você ligue ou envie uma mensagem de texto para um número de telefone, ou compartilhe informações pessoais. Denuncie atividades suspeitas usando a opção “Denunciar abuso”.

Saiba mais

Esta discussão foi arquivada. Faça uma nova pergunta se precisa de ajuda.

User Identification Request (Client Certificate) Is Not Remembered

  • 2 respostas
  • 2 têm este problema
  • 2 visualizações
  • Última resposta de andrew.roth

more options

Hello,

I use several websites that utilize mutual TLS authentication, also known as client certificate authentication. As a developer behind some of these websites, we will frequently launch and relaunch some of these sites to test different changes, so we don't usually bother with getting a properly signed certificate for the site. Developers must add a security exception for accessing the sites, which then prompt for user authentication using client certificates.

The problem I am encountering is that the "Remember this decision" checkbox on the "User Identification Request" does not seem to be working properly. There is one site which makes several connections when the page is first loaded and we have to click "Ok" on the "User Identification Request" about 10 times before the page fully loads. Other sites will randomly prompt for the request again when fetching data. The hostname and port do not change between requests.

I've tried replicating this behavior with a basic Apache httpd server setup with client authentication, but it doesn't seem to happen for the basic site. If this is happening due to a server configuration issue, I would like to know what it is that is causing it so that I can fix it. When using Chrome, this behavior does not happen.

Thank you!

Hello, I use several websites that utilize [https://en.wikipedia.org/wiki/Mutual_authentication mutual TLS authentication], also known as client certificate authentication. As a developer behind some of these websites, we will frequently launch and relaunch some of these sites to test different changes, so we don't usually bother with getting a properly signed certificate for the site. Developers must add a security exception for accessing the sites, which then prompt for user authentication using client certificates. The problem I am encountering is that the "Remember this decision" checkbox on the "User Identification Request" does not seem to be working properly. There is one site which makes several connections when the page is first loaded and we have to click "Ok" on the "User Identification Request" about 10 times before the page fully loads. Other sites will randomly prompt for the request again when fetching data. The hostname and port do not change between requests. I've tried replicating this behavior with a basic Apache httpd server setup with client authentication, but it doesn't seem to happen for the basic site. If this is happening due to a server configuration issue, I would like to know what it is that is causing it so that I can fix it. When using Chrome, this behavior does not happen. Thank you!
Capturas de tela anexadas

Todas as respostas (2)

more options

Try to ask advice on a web development oriented forum.

more options

Hello,

Thank you for taking the time to respond. I have searched the MDN documentation and wasn't able to find anything related to client certificate authentication. Unfortunately, I don't believe this to be a web developer issue, but rather an issue with how Firefox is handling connection authentication using client certificates (i.e. mTLS). Chrome and other browsers don't seem to have this issue. Is there a way I can file a bug or open an issue for Firefox itself?

I'm happy to provide additional information on the connection, but not sure what to look for.

Thank you, Andrew

Alterado por andrew.roth em