Infineon Security Platform Solution

Mapping Certificates to User Accounts in Mozilla Firefox

The mapping of a certificate to a user account is made automatically based on the fact that the certificate is stored in the user's local certificate database. Access to this database is protected by a user-specific password. As long as no change of the computer occurs, the certificates in the local certificate store are available.

In a large scale company network the need may arise to have the certificates available not only on one local computer, but on every machine in the network. Provided the administrative structures do not provide shared folders for storing the user profiles, the user certificates have to be exported from the user's computer into a corporate directory. This directory service then provides either a central authentication service or allows the re-import of a user certificate on another computer.

Alternative approach: User profiles stored on a shared folder (roaming profiles) reduce the administrative efforts to the lowest possible extent. In conjunction with the user certificate database and ALL other user-specific data stored in such a folder, consistent access from all over the corporate network is guaranteed.

Note: Client Authentication involves the use of the Secure Sockets Layer (SSL) of your Web server, which means that you will need to obtain a server certificate from a CA. This is because server authentication using a server certificate is mandatory for an SSL connection and client authentication is just an additional security measure.

©Infineon Technologies AG