Client SSL certificates do not work with Edge

Issue #14157028 • Assigned to Venkat K.

Details

Author
alex r.
Created
Oct 10, 2017
Privacy
This issue is public.
Found in
  • Microsoft Edge
Reports
Reported by 12 people


Steps to reproduce

When trying to browse a website that requires client certificates, my client certificate is shown in the certificate selection dialog, however when choosing it, no PIN for smart card is presented and the authentication fails.

Here are two websites to test against:
https://legalcapacity-sc.justice.gov.il/
https://online-dev.comsigntrust.com/demo/swipe.html

Below are attachments that show how it works successfully on IE and what the result is on Edge.
Also attached my client certificate.

Comments and activity

  • Microsoft Edge Team

    Changed Assigned To to “Steven K.”

  • Hi Alex,

    Due to my delay in getting to this, I would like to see if this is still an issue or if it has been resolved.  I am researching the issue now, just in case.

    Also, I removed your attachments for privacy, etc. reasons.  They are still available only to the Microsoft Edge development team.  As an FYI, you can put 'private-' at the beginning of a filename so that it will only be visible by us.

    Steve

  • Also, I was able to select a certificate and then had the option to enter a pin.  I.e. I was not able to repro this issue on Windows 10 16299.64.

    Perhaps, the client certificate was not installed properly?

    Let me know.

  • Hello,
    The issue still remains unsolved.
    I am not claiming that any client certificate does not work, it is just our certificates are not working with Edge, and I want to know how to fix it.
    We have a base of hundreds of thousands of smart cards issued with these certificates.
    They work OK with Chrome and IE and Firefox.
    Only Edge does not accept them.
    Maybe you can point me to some debugging/trace tools that will assist in the diagnostics.

    Thank you.

  • Thank you for the quick response.  I asked about this and we have an idea, however, if what we think is correct (AppContainer related) then this is not something that is customer visible or debuggable, at least that I am aware of.

    The details you provided are helpful and will allow me to get the right people on this issue.  We will let you know when there is an update.

    I also want to mention that if you have a premier support contract or want to get one, you can visit https://premier.microsoft.com and open a support incident and work with an engineer to address this issue in parallel with our investigation.

    Steve

  • I also have this issue. Scenario: A website using client certificates to login. The browser displays the certificate selection and upon selecting, the user will login. Login works on Internet Explorer and Google Chrome, but Edge fails after selecting the certificate. Feel free to contact me for more details (email address in private attachment)

  • I’m also having the same problem. The box for selecting the certificate is displayed, but the password is not prompted. Login works on Internet Explorer and Google Chrome, but Edge fails after selecting the certificate. Microsoft Edge 41.16299.15.0

  • I have the same problem using the Edge browser. The window/page showing the information about the certificate is displayed, but it is not possible to log in.

  • Complementing: Windows 10 16299.125

  • Microsoft Edge Team

    Changed Assigned To to “Venkat K.”

    Changed Assigned To from “Venkat K.” to “Erik A.”

    Changed Assigned To to “Venkat K.”

  • Hello,

    I am developing a CNG KSP provider, and I am still having the issue with Windows Version 10.0.17134.228.

    Where can I get support for this issue?

  • When using Windows Insider Preview Build 17744, we also have this problem with the Edge browser (version 44) when authenticating to a site requiring SSL client certificate.

    We browse to our SSL test page.
    The ‘Select Certificate’ dialogue appears and we select the certificate corresponding to the smartcard in the card-reader.
    Edge does not display the PIN entry dialogue but instead displays an error page (cf. Edge_SSL_Error.png attached).

    This problem only appears when using Edge version 44; Edge version 42 (Win 10 17134.191) works fine with exactly the same CSP.
    This problem does not appear when using IE.
    This problem only appears when using a CSP (on Insider Preview); we don’t see this problem when our MiniDriver is used for accessing the smartcard.

  • Hi, has anyone found a workaround yet, as we need to either find a compatible SSL that works with Edge? This is frustrating, as Windows 10 users are contacting us all the time complaining about the site.

    DonF

  • I’m using the version below and now I can authenticate in my production site. But the problem persists with the same behaviour when I’m debugging using Visual Studio 2017 and IIS Express.

    Windows 10 - 1803 -> 17134.228
    Microsoft Edge 42.17134.1.0
    Microsoft EdgeHTML 17.17134

  • We have the same problem with our custom CSP and smartcard…

    I have tested the last build 17751.1.

    The problem persists.

  • With our custom CNG-KSP it's working on:

    Windows 10 - 1803 -> 17134.228
    Microsoft Edge 42.17134.1.0
    Microsoft EdgeHTML 17.17134

    Ask for pin, sign OK, and SSL OK

  • We still have the problem in version 17775 (Insider) using our custom CSP.

    Enabling CAPI2 logs in event viewer shows the error below.

  • CAPI2 error file in attachment (cf. CAPI2.error.xml)
    Version 17755 Insider Preview

  • The release of Windows 10 October 2018 update is getting closer and this problem will have an impact to our French healthcare professionals who use the Edge browser with their smart card and therefore the Cryptographic Services Provider.

    We are talking about more than 1,000,000 smart card users just for the healthcare sphere.

    Will you resolve this Edge regression before the next major Windows 10 update?
    Or will we need to inform our customers to use Chrome or Firefox as a workaround?

    We can provide you with all the information you need to solve this problem.

    PS: New Edge version 44.17558.1.0 tested today still does not work.

  • As for us, we tested our CSP today on the build 17760.1 with no luck :(

    Edge not connecting to HTTPS site…

  • Insider Preview 17763.1 (Edge 44.17763.1.0) resolves this issue for us (commented by Alvaro R and Bertrand P).

  • Having a similar issue: cert selection prompt is not shown by Edge, wrong (or no?) credentials are sent to the webserver and "access denied". Opening the same URL in IE11 gives opportunity to select cert, enter PIN and log on successfully to the site.

  • @André H:
    Could you enable CAPI2 logging in event viewer and see what is going on? Any errors in it?
    Are you running the 2018 October update?
    As for us, the problem we mentioned earlier is fixed in the October update.

  • I am running Windows 10 Enterprise 10.0.16299 Build 16299 (which is 1709)
    Unfortunately it is a corporate image which does not let me enable and read CAPI2 logs.

  • Something goes wrong with revocation checking of the server certificate. Edge fails, IE11 succeeds (as does certutil -verify). I will dig into this deeper, but the CAPI2 log is quite extensive, so I need to find some time for this

  • I have exactly the same problem - “When trying to browse a website that requires client certificates, my client certificate is shown in the certificate selection dialog, however when choosing it, no PIN for smart card is presented and the authentication fails.”
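
Several comments above point to the CAPI2 log in Event Viewer as the place to diagnose this failure. The following PowerShell is an added example, not part of the original thread and not Microsoft's own tooling: it enables that log, waits while the failing logon is reproduced, and summarizes the error events. It assumes an elevated prompt and that CAPI2 error events carry a `Result` element and a `ProcessName` attribute in their XML; the variable and column names are illustrative.

```powershell
# Added diagnostic example; run from an elevated PowerShell prompt.
$log = 'Microsoft-Windows-CAPI2/Operational'

# The CAPI2 operational log is disabled by default. Raise its size limit
# (in bytes) first so one handshake's events are not overwritten, then enable it.
wevtutil sl $log /ms:33554432
wevtutil sl $log /e:true

# Only events written after this point are examined.
$start = Get-Date
Read-Host 'Reproduce the failing client-certificate logon, then press Enter'

# Level 2 = Error. SilentlyContinue: no matching events is not a failure here.
$events = Get-WinEvent -FilterHashtable @{
    LogName = $log; Level = 2; StartTime = $start
} -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    $xml = [xml]$e.ToXml()
    # Assumption: the payload has a <Result value="..."> element and some
    # element with a ProcessName attribute. local-name() avoids namespaces.
    $result = $xml.SelectSingleNode("//*[local-name()='Result']")
    $proc   = $xml.SelectSingleNode("//*[@ProcessName]")
    [pscustomobject]@{
        Time       = $e.TimeCreated
        Id         = $e.Id
        Task       = $e.TaskDisplayName
        Process    = if ($proc)   { $proc.GetAttribute('ProcessName') } else { $null }
        ResultCode = if ($result) { $result.GetAttribute('value') }    else { $null }
        ResultText = if ($result) { $result.InnerText.Trim() }         else { $null }
    }
}

# Chronological detail, then a count per process / task / result code so a
# browser that fails can be compared with one that succeeds on the same site.
$report | Sort-Object Time | Format-Table -AutoSize -Wrap
$report | Group-Object Process, Task, ResultCode |
    Sort-Object Count -Descending | Select-Object Count, Name

# Turn the log off again; it is verbose and grows quickly when left on.
wevtutil sl $log /e:false
```

Running it once with Edge and once with IE against the same site gives two summaries to compare, which narrows down whether the failure is in chain building, revocation checking, or the private-key operation.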
