Setting up Firefox

sslhappy-ca | dovecot-clientcert | thunderbird | apache-clientcert | firefox

Enabling the client certificate

on the workstation as user

Convert the separated .crt and .key files to a single PKCS12 certificate for Firefox.

openssl pkcs12 -export -in lenovo.example.local.crt -inkey lenovo.example.local.key -out lenovo.example.local.p12 -CAfile /etc/ssl/cacert.pem
chmod 400 lenovo.example.local.p12
ls -lhF lenovo.example.local.*

The -chain argument was not used because we have a simple chain of trust: one CA and one client cert that are directly linked.

We used the same export password for the PCKCS12 certificate as for the passphrase of the private key.

Importing the .p12 file into Firefox

Edit > Preferences
Advanced // View Certificates // Your Certificates
Import...
(provide unlock/export password)

Then when trying to access the page again with our Firefox browser, the user will be prompted on what certificate to provide to the server:

A30jbka.png

and the page displays fine when selecting the previously imported certificate.

Java

see java-web

Resources

npapi

NPAPI Plugins in Firefox https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/