Comment 2 for bug 238861

arm-c (arickmcniel) wrote :

Alexander,

Thank you for the response.

"about client certificates for authentication?": Because I am unsure of terminology, I will try to be explicit. This is about how firefox handles "certificate" requests from servers when queried. My certificates are good and work, but require constantly selecting the correct certificate.

I had no problem setting up my CAC card for use with Linux / Firefox (DoD plugin pulled all certs that I needed and installed them to firefox). Fairly straightforward process with some excellent guides online.

WHAT AM I DOING: I connect to my work email through an outlook web access server. Since there are certain security concerns, the site now uses the CAC card to provide certificates to access the site.

WHAT I DO / SEE:

a. I connect to the URL. I SEE a dialog box prompting me for my CAC PIN which is required to access my card and verify that I am the proper owner of the card.
b. I enter my PIN. I SEE a dialog box showing me the certificate that FIREFOX wants to respond with (There are two on my card -- one normal and one tagged email).
c. I select the second certificate because that is the one required for this site. It always defaults to wrong certificate until I choose one for the first time. I would like to note, that I am prompted multiple times for the certificate, as I believe the site is pulling data from separate areas, each requesting a certificate. I SEE finally outlook web access (OWA) interface.
d. While working in OWA, if I reply to an email, open calendars, tasks, etc... I am prompted to select the certificate... sometimes multiple times in a row. WHAT I SEE is that after a certain amount of time, firefox starts presenting me with the correct certificate as its default selection (supports my thought that there are multiple queries for the certificate from different sources).

The above notes are what occurs on default firefox setting (choose certificate every time firefox is asked). If I wait until I see all of my certificate requests are defaulting to "email certificate" and then change the default setting of firefox to "let firefox choose the certificate to respond with", it works flawlessly without any other problems.

If I change the default settings to "Let Firefox Choose" prior to connecting to site, FIREFOX ALWAYS chooses the wrong certificate and I am locked out of the site. NOTE, that this is after a restart of firefox that this occurs and not if I changed the settings after getting through the initial series of "selecting" the certificate.

MY BELIEF:

1. Firefox has a bug in how it handles certificate requests. It is not processing the request properly, so always defaults to wrong certificate.

AND OR

2. Firefox is supposed to learn and remember the proper certificate selected for the site and fails to do that, so switching to "letting firefox choose" fails once it learns because it forgets the association with the site.

OR

3. Firefox doesn't have the requisite functionality yet to handle the certificates learning and it needs to be requested as a new feature. If it needs to be implemented, the certificate handling should have another option in which it asks for the correct certificate if it has not learned/been told to remember the certificate/website association. It should work something like the passwords and websites works in firefox.

OR

4. The functionality is there, I just don't know where it is and how to configure it.

Thanks in advance. :)

ARM-C