-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unhelpful message: "A client certificate must be present and selected in your browser" #542
Comments
Hello, thanks for your report, Firefox remembers a decision to not use a certificate on a domain or ip/port. I suspect this might be the case for you. Can you validate in "settings > privacy > view certificates > authentication decisions" if your instance is listed as "send no cert"? If so, remove that entry. You might have to restart the browser and then when browsing to that LXD server the browser should ask which cert to use. Regarding the problem with the warning message - we will look into that. Please let us know if you have suggestions how to improve it. |
Thanks for the very rapid response. Yes, I can confirm that the Authentication Decisions list did have an entry for the site. It did not say "send no cert" but instead "(unavailable)". (This might indicate a bug in Firefox.) I deleted all the entries relevant to the server. That didn't help immediately. But then restarting the browser (as you suggested) did seem to force Firefox to pay attention to its own settings and ask me to select a certificate. I can now connect. Excellent. It would be great if you could improve the message for future users. A simple fix would be to link the message to your reply above! But not very neat. I would suggest a broader improvement. Since you're a web UI, it should be easy to link all messages to articles about those messages. ZFS does this even for command line output. For example, I recently ran in to a problem with a ZFS pool and Perhaps all your messages could link to a wiki (or similar) where people could contribute solutions to the problems they indicate. You have one over here -> https://github.com/canonical/lxd-ui/wiki Thanks again. |
On making a connection to the LXD UI today (to an LXD instance I have previously used), the UI refuses to authenticate, saying "A client certificate must be present and selected in your browser".
What does it mean to "select" the certificate? Neither the LXD UI nor Firefox present any UI that would allow me to select a certificate. Nor does Firefox have any obvious interface for "selecting" a certificate. Even if it does, this message is not helpful because it does not give any guidance on how to do it, or link to any documentation.
In this case, a previously-used certificate is present in the browser. That certificate is registered with the LXD. I checked this by comparing the certificate fingerprint in the browser and as shown by
lxc config trust list
. Just to make sure, I followed the steps to generate a new certificate and also installed that in the LXD instance withlxc config trust add
but this did not help -- I get the same message. Obviously I'd appreciate any insight into what is going wrong, but mainly I'd like a message that leads me to the right steps.When I connect to another LXD server (same LXD version on same version OS) I get a dialog in Firefox that says "... has requested that you identify yourself with a certificate" and asks me which one to send. Is this the "selection"? Why might one LXD ask for this and the other not?
Thanks!
Configuration details:
The text was updated successfully, but these errors were encountered: