How can I choose a different client certificate in Firefox?

Question

When I choose a client certificate in Firefox (or cancel choosing none), Firefox seems to remember this decision even though I've told it to ask me every time. I understand that it'd be useless for Firefox to ask me every page load, so of course it's remembering my decision for the length of whatever it thinks of as a session, but how can I change that selection or close that session? It's not a per-tab decision...

Thanks!

possible duplicate of [How do you present a different PKI client certificate to a server once you have already presented one, in Firefox?](http://stackoverflow.com/questions/24040662/how-do-you-present-a-different-pki-client-certificate-to-a-server-once-you-have) — nmaier, Jan 28 '15 at 18:50

score 12 · Accepted Answer · edited Jun 18 '20 at 02:45

12

You need to clear SSL session state of your browser. Take a look at my anwer to a similar question:

in Firefox choose History -> Clear Recent History... and then select "Active Logins" and click "Clear Now".

edited Jun 18 '20 at 02:45

JamesTheAwesomeDude

658
7
19

answered Jan 09 '15 at 16:42

jariq

11,681
3
33
52

7

I had to also check to clear "Site Preferences" in FF 84.0.2. Then it works. – Eugene Ryabtsev Jan 22 '21 at 05:56
3

Can confirm Eugene comment FFox 88.0.1 Site Preferences has to be checked also – jpp1jpp1 May 06 '21 at 15:50
3

I can confirm that clearing "Site Preferences" does the job, "Active Logins" no longer needs to be checked. – mwfearnley May 13 '21 at 09:39
3

In Firefox 96 there is no "Site preferences", but it is called "Site settings" – Joep Weijers Jan 17 '22 at 10:58

Xavi Montero · Answer 2 · 2022-08-12T10:49:34.540

With the selected answer (2015), you clear "all data since the last XXXX hours". Nevertheless, as per this answer (2020) from @Luke https://stackoverflow.com/a/65303926/1315009 you can pick what decissions to remove, site per site.

Settings > Privacy & Security > Security > View Certificates... > Tab Authentication Decisions => Pick from the list and delete.

Tested on Firefox v102.0.1 & v103.0.2 and it works.

hint

Inside settings type cert in the search and you get there in a split-second:

score 6 · Answer 3 · answered Jan 29 '21 at 17:38

The most straightforward way to indicate Firefox that you want to be asked every time for the right certificate is to adjust the security.default_personal_cert property in "Advanced Preferences". I have not found a way to do it through the "Options" menu, which is the recommended and safe way to change your Firefox preferences.

How to proceed:

Access Firefox's "Advanced Preferences" by opening a new tab and typing about:config into the address bar
Firefox will display a "Proceed with caution" warning. Click on "Accept the risk and continue".
On the "Search preference name" bar, type security.default_personal_cert
Set the value of that property to Ask Every Time
Close the tab (make sure that you do not change anything else)

You are done. If a website needs a certificate, you will now be asked to choose one from the list instead of having it automatically selected.

(Note: I am using Firefox 85.0 (64-bit) on Windows 10. If I am not wrong, previous versions of Firefox allowed to change that preference from "Options".)

How can I choose a different client certificate in Firefox?

3 Answers3

hint

Linked