Tuesday, 06 October 2015 16:51

Client Certificate Authentication remembers decision when canceling

Firefox remembers the selected certificate for client certificate authentication by default (Remember this decision). However, when attempting to authenticate and clicking cancel (for various reasons, for example because no certificate exists), Firefox apparently remembers that too.

Reproduce by going to https://www.startssl.com/?app=12, clicking on "Authenticate" and hitting cancel. Try to authenticate again and the request fails automatically. The only way to get out of this is by restarting the browser completely.

Firefox should not send ANYTHING to the server when the request is canceled at the client side and certainly should not remember that decision. Users get very confused because they don't regularly restart their browser.

These instructions can be used to clear which SSL certificate is used for logging in to various sites, including StartSSL.

IE

Note that IE has an option to forget/clear the remembered state with a button press. No need to restart the browser.

In IE8: menu Tools / Internet Options / Content / Certificates / Clear SSL state

Firefox

Tools / clear recent history / time range: everything / details:

  • check "Active Logins"
  • uncheck everything else, so you don't lose that information
  • Clear now

Test Scenario

I've tested this with www.startssl.com

  1. I have a personal cert
  2. I authenticate
  3. I select "remember"
  4. OK

On the web site, in the upper right, I click that logout icon (go out of the door). If I do, I will briefly see the start page; however, because Firefox has the use of the client cert remembered, it will immediately log in again using the client cert. Next, I use the above steps to "clear active logins". Now, if I click the logout icon on the StartSSL site, I will be really logged out.
