
I've been trying for days now to set up client SSL with Apache and Firefox using my HSM smartcard.

I generated one certificate for every page I'm trying to set up. The smartcard shows up in Firefox and displays all certificates in the certificate manager, but when I'm trying to access the sites only one of them asks me for the certificate and all other pages show the error: SSL_ERROR_HANDSHAKE_FAILURE_ALERT

I verified every certificate against the CAFiles in Apache and tried pkcs12 certificates without any problems for all sites.

The certificates are also verified for SSL Client use in Firefox.

I have no idea why Firefox isn't asking me to select the client certificate, and I don't know why one page works where the others don't, because there is no difference at all.

Is there anything else I need to set up in Firefox?


Stefan
  • [It sounds like you need middleware](https://militarycac.com/firefox.htm) up to you what you choose – Ramhound Feb 22 '18 at 01:20
  • I'm using OpenSC (version 0.17) and added the card to Firefox using the pkcs11 module (/usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so) – Stefan Feb 22 '18 at 02:35
  • Didn’t mention that in your question – Ramhound Feb 22 '18 at 03:18
  • Sorry, I thought it couldn't be a middleware problem because one of the certificates is working and they all show up in the certificate manager. I'm also using the card with PAM and SSH, and there it checks all certificates, so I asked because of some Firefox settings I maybe missed. Or is there another browser for Debian that works well with smartcards? – Stefan Feb 23 '18 at 11:15
  • You didn’t mention you were using Debian in your question – Ramhound Feb 23 '18 at 11:29

0 Answers