Feedback: Certificate Authentication (mTLS) dialog doesn’t show enough information to correct select certificate
Please provide a descriptive title for your feedback:
Certificate Authentication (mTLS) dialog doesn’t show enough information to correct select certificate
Which area are you seeing an issue with?
What type of feedback are you reporting?
What does the Safari issue you are seeing involve?
Something else not on this list
Please provide a URL and screenshot if possible to help us investigate the issue:
See attached screenshots
What extensions or content blockers do you have enabled? Examples: AdBlock, 1 Blocker
Were you able to capture a screen recording of the issue occurring? If so, please attach it to this feedback report.
Do you have Private Relay enabled?
What time was it when this last occurred?
Please describe the issue and what steps we can take to reproduce it:
We use a CryptoTokenKit extension to insert certificates for mTLS in Safari. The certificates are from US Govt issued smart cards, and the common name in the certificates can be the same or the first part of the common name may be the same. Safari presents a dialog to select a certificate but it doesn’t order them in the same order each time, only provides the first part of the CN, and only shows the CN and not other information about the certificates. This cause problems with authenticating with mTLS because the user has to guess which certificate might work, and if they select the wrong one, safari may not present the dialog again if the authentication succeeds but the certificate is not authorized for that website.
In macOS, you are able to see the entire certificate when prompted, which helps to decided which certificate to select. Also, there should be the ability to see the entire CN and not just the first part of the common name.
I have attached screen shots of the dialog that appears and the certificates that were inserted into the keychain by our CTK extension.