Score:0

How to make Firefox prompt for Windows's own certificate store's client certificates?

id flag

As per this blog post it should be possible: https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/

Yet when browsing a site which asks for a client certificate it doesn't open a prompt. (On the same site the prompt happens when installing said certificate in Firefox's own store.)

This happens using Firefox 89.0.2, Windows 10. The server is nginx with ssl_verify_client optional

cn flag
Did you changed the setting as described in the article?
Cigarette Smoking Man avatar
id flag
@PeterHahndorf yup! And I now found the issue too: there is an "Authentication decision" tab in Firefox's Settings -> Privacy & Security -> View Certificates window. I had selected not to send the certificate once and that kept it in memory.
Score:0
id flag

This does work, don't forget two things:

  • security.osclientcerts.autoload to true (as mentioned in the linked blog post)
  • clear the "Authentication decision" row for your website in Firefox's Settings -> Privacy & Security -> View Certificates if you had checked the (default) "Remember this decision" when picking a certificate.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.