Access Keys:
Skip to content (Access Key - 0)

Firefox prompts multiple times to select my personal certificate

Question

For some sites, such as the eCAT landing page (http://web.mit.edu/ecat/ecat3), or the HR forms site (http://web.mit.edu/hr/forms/academic.html) Firefox prompts multiple times for me to select which personal certificate to use. How can I resolve this?

Answer

The default configuration in Firefox is to "Ask every time" which certificate you'd like to use. This setting is problematic for some websites, and Firefox will ask multiple times, even if you have only one personal certificate installed.

For the purpose of avoiding this behavior, you can configure Firefox to select your certificate automatically, instead of prompting you to choose one. To do this:

  1. Follow the menu path Tools > Options (Windows) or Firefox > Preferences (Mac).
  2. Select the Advanced icon.
  3. Select the Encryption tab.
  4. In the Certificates section, change the radio button to Select Automatically.

For security reasons, and depending on whether the computer is solely for your own use, it may be better to change the setting back to Ask Every Time once you have finished accessing the site.

Note: For users who do not wish to change the setting to Select One Automatically, the multiple prompts do not seem to occur in Firefox 3.5. Note that Firefox 3.5 is a recent release, and has not received much testing by MIT users. In the limited time that it has been available, We have not heard any reports of problems with the 3.5 version.

More informations

The following information does not directly pertain to this article, but may be sueful for informationa purposes.

This pertains to Firefox displaying the site after just one prompt for the certificate, then prompting for at regular intervals with pauses in between, for as user is viewing the site.

When an SSL client and an SSL server go through the full
procedure of
negotiating a cryptographic connection (known as a
"handshake"),
including any authentication, they establish a "session".
The client
and server are each supposed to keep the information about
that session
in a local store (or "cache") of sessions (typically kept in
RAM memory),
and to reuse it in subsequent connections, rather than going
through the
full handshake again every time.

That session is expected to last in the cache until
a) either the client or server is stopped (or restarted),
b) the client or server operator manually empties the cache,
or
c) the cryptographic device (if one is being used) is
disconnected, or
c) some time limit has expired. The recommended time limit
is 24 hours,
although it's common to use 8 hour limits.

The intended effect is that a user needs to authenticate to
each server
only once a day, or as often as he restarts his browser,
which ever comes
first.

On an apache web server, the configuration setting to take a look
at is SSLSessionCacheTimeout.

IS&T Contributions

Documentation and information provided by IS&T staff members


Last Modified:

January 05, 2016

Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Labels:
c-firefox-certs c-firefox-certs Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.
Feedback
This product/service is:
Easy to use
Average
Difficult to use

This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki