All my certs are current and issued by the same CA. The subject is different, though not by much (basically a firstname.lastname.serial). The reason I have multiple certs from the same CA is political, and the older, primary cert has more functionality but I have to keep the new one for a server that will be stood up "soon."
So we're back to the problem that I have multiple valid certs, but I prefer to use something other than Mozilla's default selection. If this isn't possible now I'll enter it in Bugzilla; I didn't want to do that unless someone can provide a reason why it's not that way now.

thanks,
tg.

Julien Pierre <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> tom glaab wrote:
> > I have various client SSL certificates stored in my Netscape/Mozilla
> > browser. Unfortunately Mozilla always defaults to the newest (by
> > date), not the one I use most often.
> >
> > Is there a way to force Mozilla to use the other cert by default?
> >
> > thanks,
> > tg.
>
> Do those certificates have the same subject or not?
>
> If so, Mozilla will indeed choose the newest cert. If your PKI is
> implemented properly, only one cert should be valid at any time, and any
> old certs should be revoked by the CA. This is why Mozilla won't try to
> use the old certs.
>
> If on the other hand the certs have different subjects, they should also
> have different nicknames, and you can select the one you want to use. Go
> to Edit/Preferences/Certificates and click on "Ask every time".
> You will then be presented with a list of certificates to choose from
> when you connect to an SSL server that requires a client cert.
> Do note however that in current versions of the SSL/TLS protocols, the
> server dictates which cert issuers (CAs) it will accept, and therefore
> not all your certificates will show up in the drop-down list, but rather
> only the ones that have been issued by CAs deemed acceptable by the server.
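
The selection behaviour described in this thread, modelled as an added example that is not part of the original messages and is not Mozilla's code. The `ClientCert` type, the function names and the sample store are hypothetical and constructed; issuers are matched by direct name only (no chain building), and the automatic choice is taken to be the newest by date, as the poster reports.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class ClientCert:                      # hypothetical record, not an NSS structure
    nickname: str
    subject: str
    issuer: str
    not_before: datetime
    not_after: datetime

def candidates(certs, acceptable_issuers, now):
    """Certs a client could list for one server request, newest first."""
    newest = {}
    for c in certs:
        if not (c.not_before <= now <= c.not_after):
            continue                   # expired or not yet valid
        # An empty CA list in the request means the server names no issuers.
        if acceptable_issuers and c.issuer not in acceptable_issuers:
            continue                   # issuer not accepted by this server
        kept = newest.get(c.subject)
        # Same subject: only the newest cert is kept, older ones are hidden.
        if kept is None or c.not_before > kept.not_before:
            newest[c.subject] = c
    return sorted(newest.values(), key=lambda c: c.not_before, reverse=True)

def automatic_choice(certs, acceptable_issuers, now):
    """Assumed default: the newest candidate by date, or None if none match."""
    offered = candidates(certs, acceptable_issuers, now)
    return offered[0] if offered else None

# Constructed sample store: two subjects from one CA, plus one from another CA.
CA, OTHER = "CN=Example Issuing CA", "CN=Other CA"
STORE = [
    ClientCert("primary", "CN=first.last.1001", CA,
               datetime(2002, 1, 10), datetime(2005, 1, 10)),
    ClientCert("new-server", "CN=first.last.1002", CA,
               datetime(2003, 6, 1), datetime(2006, 6, 1)),
    ClientCert("new-server-old", "CN=first.last.1002", CA,
               datetime(2002, 6, 1), datetime(2005, 6, 1)),
    ClientCert("personal", "CN=first.last", OTHER,
               datetime(2003, 9, 1), datetime(2006, 9, 1)),
]
NOW = datetime(2004, 1, 1)

if __name__ == "__main__":
    for c in candidates(STORE, [CA], NOW):
        print("offered:", c.nickname, c.subject)
    print("automatic:", automatic_choice(STORE, [CA], NOW).nickname)
```

With a server that accepts only the one CA, both differently named certs remain in the list shown under "Ask every time", while the automatic choice lands on the newer one.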