using client SSL certificate with Firefox

------=_Part_3233_3369848.1142383177612
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello,

I generated a client SSL certificate (tried both by using openssl and
certutil) converted it to PKCS#12 format.  After that, I imported it into
Firefox and can see the certificate of the "Your Certificates" tab in Edit =
>
Preferences > Advanced > View Certificates.

However, when I do the TLS handshake, the client never sends a certificates
- the certificate callback function always fails and the client sends a TLS
alert 41 instead.

What should I do to make NSS/PSM detect the client SSL certificate that I
imported into Firefox?

The certificate extensions I am using are:

Certificate Type: SSL Client
Certificate Key Usage: Digital Signature, Key Encipherment

Regards,
Peter

------=_Part_3233_3369848.1142383177612
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Hello,<br><br>I generated a client SSL certificate (tried both by using ope=
nssl and certutil) converted it to PKCS#12 format.&nbsp; After that, I impo=
rted it into Firefox and can see the certificate of the &quot;Your Certific=
ates&quot; tab in Edit &gt; Preferences &gt; Advanced &gt; View Certificate=
s.
<br><br>However, when I do the TLS handshake, the client never sends a cert=
ificates - the certificate callback function always fails and the client se=
nds a TLS alert 41 instead.<br><br>What should I do to make NSS/PSM detect =
the client SSL certificate that I imported into Firefox?
<br><br>The certificate extensions I am using are:<br><br>Certificate Type:=
 SSL Client<br>Certificate Key Usage: Digital Signature, Key Encipherment<b=
r><br>Regards,<br>Peter<br>

------=_Part_3233_3369848.1142383177612--
0
Peter
3/15/2006 12:39:37 AM
mozilla.dev.tech.crypto 2048 articles. 1 followers. Post Follow

1 Replies
817 Views

Similar Articles

[PageSpeed] 49

------=_Part_3293_3424872.1142383296242
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Forgot to mention, in the certificate trust flags the "User" SSL flag is
checked.

------=_Part_3293_3424872.1142383296242
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Forgot to mention, in the certificate trust flags the &quot;User&quot; SSL =
flag is checked.<br>

------=_Part_3293_3424872.1142383296242--
0
Peter
3/15/2006 12:41:36 AM
Reply:

Similar Artilces:

SSL-client auth. using certificate
Hi all, can anybody help me out to tell me howto authentificate to a SSL v3 server using a client certificate? TIA Tobias -- Sent through GMX FreeMail - http://www.gmx.net ...

Reportviewer working over ssl(fortress) using Firefox, but not over ssl using IE
Hello,I have a local report - using the reportviewer control - being displayed to internet users over an ssl connection (Fortress).  The report works find in Safari and Firefox web browsers, but does not display in I.E. What happens is the reportviewer acts like it is going to display the report properly, but as soon as the "Report is being Generated" message ends, the report viewer control tool bar drops to the bottom of the page effectively not showing the report.  I can click export on the tool bar - that works as expected and allows me to download the report as an excel or pdf ...

Using client certificates: "Require client certificates" is enabled on IIS
 Hey world, I have an application that works fine using SSL, but when I enable  "Require client certificates" on IIS it prompts the client for a certificate (behavior kind of expected) but I can't figure out how to create a "Client Certificate" so the client can access the application. I followed step by step this article with no luck:http://support.microsoft.com/kb/901183 (the WinHttpCertCfg.exe –i PfxFile -c LOCAL_MACHINE\MY -p Password  line just wouldn't work) I created a certificate on my test web server using "SelfSSL" and then I exported it as an .P...

Using SSL client-side certificates on an IdP
So I was explaining BrowserID to a friend at lunch, a security-minded guy who runs a machine that provides email service to a few dozen of his friends. We wanted to figure out how he could turn that into a primary IdP for those users. He doesn't provide webmail service (just IMAP), and uses client-side SSL certificates for authentication on the web services that require it (using some apache config that makes it pretty easy: he has a static table that maps client cert to username). Client-side certificates aren't the most common technique out there, but I figured it should st...

automatically installing new client SSL certificate into Firefox
Hello, I recently went to GoDaddy and created myself a new client SSL certificate. During the process Firefox generated a new key pair, the GoDaddy application issued the certificate and Firefox installed it automatically (after asking me) into the NSS database. Can anybody provide any pointers as to how exactly these things happen? Particularly, I am interested in how the web application instructs Firefox to generate a new key pair, who generates the certificate requests, how the request is returned to the CA to sign it and how the application instructs Firefox to install the n...

Calling WebServices from PB9 using SSL and client certificates
Hi, We are trying to connect a PB9 client program to a webservice running on EAServer (4.2.2) using SSL with Server and Client authentication. If we only require Server Authentication we are able to invoke, and connect to the webservice using the Soapconnection object in powerbuilder. When we require Client Authentication also and we leave our code as is, we get the error message 'Error negotiating secure connection : error:00000001:lib(0):func(0):reason(1)'. Note that we did generate client certificates and imported it at the server; by using the Internet Explorer, we c...

Fetch SSL server certificate using SSL_PeerCertificate in firefox
Hi all, I want to fetch the SSL server certificate of a website, on firing a request to the website's URL. I'm using C++ XPCOM and NSS. Though I could connect to the server and do a SSL handshake, I'm not able to fetch the SSL certificate using SSL_PeerCertificate. The SSL handshake is performed using SSL_ForceHandshake and the corresponding callback function is called. I also have the following callback functions and none of them are being called: SSL_GetClientAuthDataHook SSL_AuthCertificateHook SSL_BadCertHook No bytes are being read fr...

Connect to web site(Server) using SSL & Client Certificates
Hi all, how to Connect soapclient to web site(Server) using SSL & Client Certificates? Thanks, suhdir    i got code from this site http://aspnethelps.blogspot.com/  ...

Connect soapclient to web site(Server) using SSL & Client Certificates
how to Connect soapclient to web site(Server) using SSL & Client Certificates? thanks sudhir i got code(c#) from this site http://dotnethelps.blogspot.com/ see http://dotnethelps.blogspot.com/2007/03/connect-to-web-site-using-ssl-client.html...

Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
While building the new OpenXPKI Live CD ... <shameless_plug>if you are looking for an (open source) enterprise-grade PKI system, consider OpenXPKI. You can now test development snapshots using our new Morphix-based live CD.</shameless_plug> .... I realised that you can do something with Firefox 2.0.x that you could not do with Firefox 1.5.x: track an unsuspecting user using TLS client certificates. Here is how it works: - The user visits a websites and leaves behind some personal data (for example on a registration form). - The website uses SPKAC using the <key...

JRE/Java cannot access Firefox's certificate keystore for SSL Client Authentication
Hi, we have a site that is requiring mutual ssl authentication (client authentication) using certificates. I have imported the required certificates into Firefox certificate store. The problem occurs as I try to use an applet downloaded from the site (behind the HTTP server requiring client authentication). A popup titled "Password needed - Client authentication keystore" is being displayed and when given the password, an empty list of certificates is given for the user to select from. This is due to the fact that JRE cannot access the Mozilla's certificate store...

Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
While building the new OpenXPKI Live CD ... <shameless_plug>if you are looking for an (open source) enterprise-grade PKI system, consider OpenXPKI. You can now test development snapshots using our new Morphix-based live CD.</shameless_plug> .... I realised that you can do something with Firefox 2.0.x that you could not do with Firefox 1.5.x: track an unsuspecting user using TLS client certificates. Here is how it works: - The user visits a websites and leaves behind some personal data (for example on a registration form). - The website uses SPKAC using the <key...

Generate, client certificate for use with ASP.Net webapp, use for auth
I need to do the following: 1. Generate a client certificate that has a common name (CN) of "my.server.com:myappname". 2. Generate a CSR that I can send to a remote company in order for them to sign my certificate. I paste the CSR into the company's webform, hit submit, the remote company will then send me back a certificate for their CA, and a signed certificate for my app to use to communicate with their servers. 3. Import the CA certificate so that the signed certificate I was issued will be considered valid. 4. Import the signed certificate for my webapp. 5. Acc...

x-posting from dev-tech-crypto: web crypto APIs and resources
Hello Security Enthusiasts: I just started a conversation on Web Crypto APIs (low-level, high-level) and the resources to implement in Gecko. https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.tech.crypto/rQeNHJsYKoM Cheers, David ...

Web resources about - using client SSL certificate with Firefox - mozilla.dev.tech.crypto

Certificate of Entitlement - Wikipedia, the free encyclopedia
On 1 May 1990, the then transportation unit of Singapore's Public Works Department (PWD) instituted a quota limit to vehicles called the COE ...

Birth certificate mix-up sparks identity fraud fears
Parents of newborn children have been mailed birth certificates for other peoples' babies in a mix-up described as a major privacy breach.

Birth certificate mix-up sparks identity fraud fears
Human error has led to nine parents being sent&nbsp;birth certificates for other peoples' babies, in what has been described&nbsp;as a major ...

SA Premier to apologise after David Bulmer-Rizzi's same-sex marriage not recognised on death certificate ...
... Weatherill says he will apologise to the family of a British man after authorities refuse to recognise his same-sex marriage on his death certificate. ...

Doctor-assisted dying should be listed on death certificates: law professor
Provincial and territorial death certificates should indicate when a patient's life was ended with the help of a doctor, says an analysis published ...

Google considers following Mozilla, Microsoft, and dropping SHA-1 certificates early
Last month Microsoft said that it was considering ending support for TLS and SSL certificates that used the SHA-1 hashing algorithm, after Mozilla ...

China's Use of Derivatives to Hide Capital Flight Comes Unglued; Reserves Fall by Record Amount; "Worthless" ...
... for a while, using swap derivatives. Things looked better, until December and January, when suddenly they didn't. About Those "Worthless" Certificates ...

Exclusive: Birth Certificate for Ted Cruz’s Mother
Eleanor Darragh, mother of Ted Cruz, was born in Delaware on Nov. 23, 1934, establishing her citizenshipand, later, his, though he was born in ...

MSNBC's Chris Matthews confronted Donald Trump about Obama's birth certificate after the debate
... , MSNBC host Chris Matthews confronted Donald Trump over the real-estate mogul's past questioning of President Barack Obama's birth certificate. ...

Cruz releases mother's birth certificate amid citizenship debate
The Republican presidential candidate has faced mounting questions over his eligibility to run for the White House

Resources last updated: 1/22/2016 1:24:53 PM