sslhappy-ca | dovecot-clientcert | thunderbird | apache-clientcert | firefox
on the workstation as user
Convert the separated
.key files to a single PKCS12 certificate for Firefox.
openssl pkcs12 -export -in lenovo.example.local.crt -inkey lenovo.example.local.key -out lenovo.example.local.p12 -CAfile /etc/ssl/cacert.pem chmod 400 lenovo.example.local.p12 ls -lhF lenovo.example.local.*
-chain argument was not used because we have a simple chain of trust: one CA and one client cert that are directly linked.
We used the same export password for the PCKCS12 certificate as for the passphrase of the private key.
.p12 file into Firefox
Edit > Preferences Advanced // View Certificates // Your Certificates Import... (provide unlock/export password)
Then when trying to access the page again with our Firefox browser, the user will be prompted on what certificate to provide to the server:
and the page displays fine when selecting the previously imported certificate.
NPAPI Plugins in Firefox https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/