Home » Forums » Support

Firefox 9.0.1 + ePass2003 + StartSSL problem

Submitted by alex_l on Wed, 01/25/2012 - 19:53
Posted in

Hi, first of all thank you for all the crypto resources you give to the community, as well for the great & open products you provide!

I would like to report a problem I'm having with startssl.com client authentication on windows, my setup is :

Windows 7 64-bit SP1
ePass2003 initialized and configured using feitian middleware found on the iso image provided by gooze
StartSSL client certificate
Firefox 9.0.1

Whenever I try to authenticate myself against startssl.com web server using firefox (to access my control panel) I get "ssl_error_handshake_failure_alert" after tiping my pin, I tried with 2 different ePass2003, I also tried deleting all other certificates/keypairs and keeping only startssl cert+key on the token, all to no avail.

It is worth noting that with Internet Explorer authentication works in every case.

I configured firefox with feitian pkcs#11 library provided by the middleware itself, the file is: "c:\windows\system32\eps2003csp11.dll" version 1.1.11.905

Am I missing something ? Could it be a misconfiguration by myself or a firefox bug? A possible bug in the pkcs#11 library ?

Thank you in advance.

Alex

Bookmark/Search this post with
0
Your rating: None
‹ R-310 smartcard reader both Normal (credit card size) and mini Sim ? FOAS Agent SDK C/C++, Java, and PHP ›

Re: Firefox 9.0.1 + ePass2003 + StartSSL problem

Submitted by wessel on Thu, 01/26/2012 - 00:32.

Hi,

I've the same with win7 64b.
Chrome is working very well with 2003 + Startssl
Explorer too

and for Firefox it should load the C:\Windows\System32\opensc-pkcs11.dll but that dll simply isnt there.

Add:
I reinstalled it and in teh command prompt the DLL is in the directory but in the browser of Firefox it seems invible although other dll are visible. Might be an issue with 64 and 32 bits dlls

Just my 5cnts.

Wessel

Re: Firefox 9.0.1 + ePass2003 + StartSSL problem

Submitted by alex_l on Thu, 01/26/2012 - 04:22.

Wessel, if you want to use the pkcs#11 library from the OpenSC project, you must have a library compatible with your firefox build; you probably installed opensc 64-bit on windows 7, but firefox is distributed only in 32-bit format on windows, so you need to install opensc 32 bit to have firefox recognize the .dll file; this should solve your problem.

As for my problem however, I'm using another pkcs#11 library, the one bundled with the feitian middleware, as my token is initialized and managed by feitian proprietary software.

Re: Firefox 9.0.1 + ePass2003 + StartSSL problem

Submitted by gooze on Thu, 01/26/2012 - 19:52.

I would like to reproduce, are you using Firefox 32 or 64 bit?

Re: Firefox 9.0.1 + ePass2003 + StartSSL problem

Submitted by alex_l on Thu, 01/26/2012 - 20:02.

firefox 32-bit, afaik the mozilla foundation distributes it only in 32-bit mode for windows end users, but things could have changed lately.

Thank you for your support :)