We use ssl client certificates extensively in our company, and it's a huge pain to have to close down your browser every time you need to use a different certificate, which our support staff has to do on a regular basis. Is there a way to clear the ssl cache and force firefox to prompt for the certificate? IE has this option btw.
I'd also like to register my dislike of how ssl certificates get installled. No message, nothing, it just silently installs, leaving end users often confused when installing a certificate.
And while we are at it, why not a way to specify the key size when using KEYGEN instead of always letting the user decide?
How to clear ssl cache
- alteredcarbon167
- Posts: 250
- Joined: March 28th, 2006, 11:08 am
- Location: Golden State
-
- Posts: 3
- Joined: September 25th, 2006, 10:39 pm
Maybe ssl cache isn't the right term, but anyone that has used ssl client certificates to any extent knows what I'm talking about. The first time you visit a server that requires a client cert, firefox determines which certificates are accepted by the server and prompts you to choose one of them. On subsequent requests it caches your choice, and there is no way to clear that cache without closing the browser. In IE clearing the ssl state clears the client certificate cache (among other things).
Normall this isn't an issue, but our servers match on certain data in the certificate subject as part of the authentication process. That being the case, if you want to login as a different user, you have to restart firefox before it will let you hand the server a different certificate.
Normall this isn't an issue, but our servers match on certain data in the certificate subject as part of the authentication process. That being the case, if you want to login as a different user, you have to restart firefox before it will let you hand the server a different certificate.