fork-maintainers / iceraven-browser


client certificates #610

Open ippocratis opened 1 year ago

ippocratis commented 1 year ago

I self-host various services behind a reverse proxy and mutual TLS, so that they won't respond to clients unless they receive a client certificate. I have installed the PKCS12 cert on the device in the user store (also transferred it to the root store with root, but that's not related). Chromium-based browsers can pick the cert, as they use the Android cert store. Firefox Android uses its own cert store. Fenix (Firefox Android) does not support client certificates. Desktop does.

It would be great if Iceraven differentiated on that matter and somehow provided a way to add the client certificates to the browser's cert store.

I have tried to manually add the p12 cert to the cert9 and key4 DBs with pk12util following this, but no luck.

Thanks and keep up

TonyTwoStep commented 8 months ago

Also had this issue, but was able to fix it with the following (non-rooted device):

To use the certificates in user store, you have to use the Secret Settings menu option to use third party CA certs. From the app use the 3 dot menu -> Settings -> About iceraven, then tap on the large "Iceraven Browser" logo 5 times.

Once enabled, browse to the new "Secret Settings" menu and use the toggle option to "Use third party CA certificates":

[Screenshot: Enabling secret menu]

[Screenshot: The toggle option to use the third party CA certs]

ippocratis commented 8 months ago

@TonyTwoStep the steps you describe are for FF to trust 3rd-party (self-signed) certs on sites during normal TLS. In mutual TLS, FF, instead of just verifying the site's cert, also has to respond to that site by providing a valid cert from the device cert store. FF can't do that; it uses its own cert store (key4.db, cert9.db), but there is no working way to add my certs there. Tried the below author success

https://ch1p.io/import-p12-firefox-android/