If the log excerpts you have provided are complete, the certificate chain presented to the server in both cases is different.
2010-03-01 19:56:39,120 DEBUG [org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler] - <--examining cert[120005025] CN=ECRaizEstado, O=SCEE, C=PT" from issuer "CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US"> 2010-03-01 19:56:39,121 DEBUG The above certificate, which appears to be the one that's causing problems, is only presented to the server by IE, which explains why authentication succeeds in Firefox. The certificate above appears to be at the root of your trust chain, and I'd imagine it's missing in Firefox. You could confirm that by exporting the cert to a PKCS12 file and examining its contents with openssl: openssl pkcs12 -in exported-file.p12 -info M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
