View Issue Details

IDProjectCategoryView StatusLast Update
0001160issue trackingpublic2013-09-03 05:24
ReporterChris Assigned To 
PriorityhighSeveritymajorReproducibilityalways
Status closedResolutionno change required 
PlatformThunderbird, EvolutionOSLinux, Debian 
Summary0001160: Unable to import personal cert/key into Tunderbird or Evolution, hence unable to encrypt mail with CACert certificates
DescriptionWhen trying to import a personal certificate (pkcs12, which was exported from firefox) into Thunderbird, the certificate/key is not added. The root CA is already imported, and it is possible to import user- certificates (without the key).
- In firefox(Win7) they are added under the webserver category (which according to the Wiki is OK), but the personal cert is simply not added.
- In evolution (Fedora 18), they are added correctly, but again the personal certs/keys are, after entering the correct password for key and storage, not added in the "Your Certificates" section.
I'm not sure where to go from here, it works fine with self-signed certs. Not sure how I could debug, either. No error message is coming up.
Thanks in advance, Chris
Steps To ReproduceGo to the 'Your Certificates' section and import a users certificate.
The certificate should appear, but it doesn't.
TagsNo tags attached.

Relationships

related to 0000964 closed Main CAcert Website VBscript, Weak Keys script 4.php, 17.php to combine / select box key size and lower limit to 2048 
child of 0001017 closedNEOatNHNG Main CAcert Website Chrome certificate enrollement 

Activities

Ted

2013-04-06 16:04

administrator   ~0003860

Hi Chris,

are you sure that you tried to import a personal/email cert/key? Since it shows up in the webserver category it is probably not a email cert...

A email cert is create in CAcert by using the menu "Client Certificates -> New", and the already created certs show up in "Client Certificates -> View".

N.B.: I do what you describe quite regularly, as I guess do most people who use CAcert certificates in Thunderbird.

Uli60

2013-04-16 12:50

updater   ~0003884

* does this have to do with the last patch install ?
* Since install of patch https://bugs.cacert.org/view.php?id=964 bug 0000964 (Black Jack) automatic client cert installation and renew into FF doesn't work (install to IE5 button doesn't work)
* there is a fix available under https://bugs.cacert.org/view.php?id=1017, but still under testing

current situation:

* signed public client cert will be presented in ascii for copy and paste into a file, but this cert doesn't include the private key part, so the signed public key has to be "marriaged" with the private key before the priv/pub key can be imported into the Mozilla/FF keystore
* see also FAQ client certs https://wiki.cacert.org/Technology/KnowledgeBase/ClientCerts#Renew_Client_Certs_under_FF (Renew Client Certs under FF)

The patch 0001017 workable solution can be seen on CACERT1.it-sls.de testserver

Chris

2013-05-17 04:14

reporter   ~0004006

Hi Ted,
I'm sorry for the late reply, I was away for quite some time.
The issue was that the root certificate wasn't installed properly - hence the error. So it is working fine now, but I suppose it is worth a note in the instructions to make sure the root certs are installed OK, as Thunderbird gives no feedback at all if it is not.

Thanks for looking into this anyways,
Regards Chris

Issue History

Date Modified Username Field Change
2013-03-31 22:17 Chris New Issue
2013-04-06 16:04 Ted Note Added: 0003860
2013-04-06 16:04 Ted Assigned To => Ted
2013-04-06 16:04 Ted Status new => needs feedback
2013-04-16 12:50 Uli60 Note Added: 0003884
2013-04-16 12:51 Uli60 Relationship added related to 0000964
2013-04-16 12:51 Uli60 Relationship added child of 0001017
2013-05-17 04:14 Chris Note Added: 0004006
2013-05-17 04:14 Chris Status needs feedback => needs work
2013-05-17 04:16 Chris Status needs work => solved?
2013-05-17 04:16 Chris Resolution open => no change required
2013-09-03 05:24 INOPIAE Status solved? => closed
2013-09-03 05:24 INOPIAE Assigned To Ted =>