搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Firefox using an expired certificate instead of a current one to authenticate access to a secured website

  • 1 回覆
  • 0 有這個問題
  • 1 次檢視
  • 最近回覆由 furd

more options

I work at MIT, where personal certificates are issued by MIT to control access to restricted websites and campus resources.

The certificates expire after a year and have to be renewed.

For all of 2022, my Firefox correctly used my 2022 certificate to access websites, even though I also had expired 2020 and 2021 certificates stored and listed in the Certificate Manager.

Our 2022 certificates expired on July 31. I already had installed my 2023 certificate in the Certificate Manager, where it is presently listed. HOWEVER, Firefox seems to be offered up the expired certificate to all my MIT websites, despite the fact it's expired.

I have tried removing my "Active Logins" in the History:Clear Recent History... dialog, but that makes no difference.

There ought to be some way to instruct Firefox NOT to automatically pick what it used to use, and use something new, but I cannot figure out how to force such a thing.

Ideas?

I work at MIT, where personal certificates are issued by MIT to control access to restricted websites and campus resources. The certificates expire after a year and have to be renewed. For all of 2022, my Firefox correctly used my 2022 certificate to access websites, even though I also had expired 2020 and 2021 certificates stored and listed in the Certificate Manager. Our 2022 certificates expired on July 31. I already had installed my 2023 certificate in the Certificate Manager, where it is presently listed. HOWEVER, Firefox seems to be offered up the expired certificate to all my MIT websites, despite the fact it's expired. I have tried removing my "Active Logins" in the History:Clear Recent History... dialog, but that makes no difference. There ought to be some way to instruct Firefox NOT to automatically pick what it used to use, and use something new, but I cannot figure out how to force such a thing. Ideas?

所有回覆 (1)

more options

Nevermind -- MIT supplies a tool that helps us with this that has taken care of it - it "updates" our identity preferences AFTER asking us to specify the correct certificate from the Keychain

However, I can imagine that others without that infrastructure might want to know the answer to this.