Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

cannot make Firefox load client cert from MacOS keychain

  • 1 reply
  • 1 has this problem
  • 2 views
  • Last reply by Scott

more options

I am trying to get Firefox to load client certificates from a user's MacOS login keychain to support Mutual TLS. According to this Mozilla Security blog post I *should* be able to set 'security.osclientcerts.autoload' to 'true' in Firefox 75 or later, but I have not been able to make this work.

I am testing this on MacOS 10.15.5 Beta, with Firefox 76.0.1 (64-bit). I have imported a client certificate into my user's login keychain, and have confirmed that I can access a website that requires client certificates using Safari and that certificate.

I have set 'security.osclientcerts.autoload' to 'true' in my browser's configuration preferences, but when I attempt to browse to the website the connection fails with 'SSL_ERROR_HANDSHAKE_FAILURE_ALERT'. I have also tried creating a 'user.js' preferences file, but it did not help:

% cat user.js user_pref("security.default_personal_cert", "Select Automatically");

I very much need to make this work, and would appreciate any information about other configuration steps I need to take, or things I have missed.

I am trying to get Firefox to load client certificates from a user's MacOS login keychain to support Mutual TLS. According to [https://blog.mozilla.org/security/2020/04/14/expanding-client-certificates-in-firefox-75/ this Mozilla Security blog post] I *should* be able to set 'security.osclientcerts.autoload' to 'true' in Firefox 75 or later, but I have not been able to make this work. I am testing this on MacOS 10.15.5 Beta, with Firefox 76.0.1 (64-bit). I have imported a client certificate into my user's login keychain, and have confirmed that I can access a website that requires client certificates using Safari and that certificate. I have set 'security.osclientcerts.autoload' to 'true' in my browser's configuration preferences, but when I attempt to browse to the website the connection fails with 'SSL_ERROR_HANDSHAKE_FAILURE_ALERT'. I have also tried creating a 'user.js' preferences file, but it did not help: % cat user.js user_pref("security.default_personal_cert", "Select Automatically"); I very much need to make this work, and would appreciate any information about other configuration steps I need to take, or things I have missed.

All Replies (1)

more options

FWIW: I filed bug 1637374 for this issue.