Thank you.
Actually the problem was on the server side (OpenAM in my case) - CA
that signed certificate has to be added to keystore containing trusted CA's.
Firefox works perfectly correct and the user can select only a
certificate that chains to the list of CA's.
Regards,
Hubert
On 10/03/2011 05:50 AM, Hubert Świerczyński wrote:
Hello,
I have several personal certificates imported to the firefox user
certificates store.
When I try to log in to the SSL site that requests my personal
certificate I can't select required certificate from the list because
only one of them is shown under "Choose a certificate to present as
identification".
Why the other personal certificates are not included in this list? I
tried to set it via GUI options but it seems to be impossible.
I can only choose one (surprisingly) self-signed certificate, but the
cert from CA that is valid and correct is not shown in the list.
I suppose that all my personal user certificates from Firefox should
be displayed.
The list is usually filtered by the list of CA's which have been sent to
you. If your cert doesn't chain to that list, then it won't appear. My
guess is self-signed certs have been hacked in.
You probably are missing the intermediate CA's which chain your own cert
to the CA cert, or the server is not sending the list a list of CA certs.
bob
Authentication with personal certificate is used by many systems, so
probably I missed something important in Firefox configuration.
Is it possible to change my firefox settings to be able to select any
of my personal cert from my Firefox personal cert store?
Regards,
Hubert
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
