#certificate #authentication #firefox #macos #client #windows #pkcs

osclientcerts

Platform-specific support for client authentication certificates in Firefox

3 releases

0.1.2 Aug 14, 2019
0.1.1 Aug 14, 2019
0.1.0 Aug 14, 2019

#20 in #pkcs

MPL-2.0 license

100KB
3K SLoC

osclientcerts

osclientcerts is a PKCS#11 module that will give Firefox the ability to use client authentication certificates stored in OS-specific mechanisms.

Support

osclientcerts currently has preliminary support for MacOS (using the keychain) and Windows (using CNG). Only RSA and EC keys are supported.

Howto

For the time being, this module must be manually compiled and added to Firefox. Clone the repo and run cargo build to build (this requires that a rust toolchain be installed, as well as a platform-specific development toolchain). Once built, there should be a file libosclientcerts.dylib (for MacOS) or osclientcerts.dll (for Windows) in target/debug (or target/release for release builds). To add the module to Firefox, open about:preferences, search for "Security Devices", and click the corresponding button. Then click "Load" and enter the path to the module library file (or find it using the file picker). Click "OK" (you can also give the module a more descriptive name). Once loaded, the module should allow Firefox to use client authentication certificates that are stored in or accessible from platform-specific mechanisms. Please file an issue if you encounter a certificate that should work but doesn't.

Dependencies

~3–13MB
~148K SLoC