View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001160||issue tracking||public||2013-03-31 22:17||2013-09-03 05:24|
|Status||closed||Resolution||no change required|
|Platform||Thunderbird, Evolution||OS||Linux, Debian||OS Version||F18, Win7|
|Summary||0001160: Unable to import personal cert/key into Tunderbird or Evolution, hence unable to encrypt mail with CACert certificates|
|Description||When trying to import a personal certificate (pkcs12, which was exported from firefox) into Thunderbird, the certificate/key is not added. The root CA is already imported, and it is possible to import user- certificates (without the key).|
- In firefox(Win7) they are added under the webserver category (which according to the Wiki is OK), but the personal cert is simply not added.
- In evolution (Fedora 18), they are added correctly, but again the personal certs/keys are, after entering the correct password for key and storage, not added in the "Your Certificates" section.
I'm not sure where to go from here, it works fine with self-signed certs. Not sure how I could debug, either. No error message is coming up.
Thanks in advance, Chris
|Steps To Reproduce||Go to the 'Your Certificates' section and import a users certificate.|
The certificate should appear, but it doesn't.
|Tags||No tags attached.|
are you sure that you tried to import a personal/email cert/key? Since it shows up in the webserver category it is probably not a email cert...
A email cert is create in CAcert by using the menu "Client Certificates -> New", and the already created certs show up in "Client Certificates -> View".
N.B.: I do what you describe quite regularly, as I guess do most people who use CAcert certificates in Thunderbird.
* does this have to do with the last patch install ?
* Since install of patch https://bugs.cacert.org/view.php?id=964 bug 0000964 (Black Jack) automatic client cert installation and renew into FF doesn't work (install to IE5 button doesn't work)
* there is a fix available under https://bugs.cacert.org/view.php?id=1017, but still under testing
* signed public client cert will be presented in ascii for copy and paste into a file, but this cert doesn't include the private key part, so the signed public key has to be "marriaged" with the private key before the priv/pub key can be imported into the Mozilla/FF keystore
* see also FAQ client certs https://wiki.cacert.org/Technology/KnowledgeBase/ClientCerts#Renew_Client_Certs_under_FF (Renew Client Certs under FF)
The patch 0001017 workable solution can be seen on CACERT1.it-sls.de testserver
I'm sorry for the late reply, I was away for quite some time.
The issue was that the root certificate wasn't installed properly - hence the error. So it is working fine now, but I suppose it is worth a note in the instructions to make sure the root certs are installed OK, as Thunderbird gives no feedback at all if it is not.
Thanks for looking into this anyways,
|2013-03-31 22:17||Chris||New Issue|
|2013-04-06 16:04||Ted||Note Added: 0003860|
|2013-04-06 16:04||Ted||Assigned To||=> Ted|
|2013-04-06 16:04||Ted||Status||new => needs feedback|
|2013-04-16 12:50||Uli60||Note Added: 0003884|
|2013-04-16 12:51||Uli60||Relationship added||related to 0000964|
|2013-04-16 12:51||Uli60||Relationship added||child of 0001017|
|2013-05-17 04:14||Chris||Note Added: 0004006|
|2013-05-17 04:14||Chris||Status||needs feedback => needs work|
|2013-05-17 04:16||Chris||Status||needs work => solved?|
|2013-05-17 04:16||Chris||Resolution||open => no change required|
|2013-09-03 05:24||INOPIAE||Status||solved? => closed|
|2013-09-03 05:24||INOPIAE||Assigned To||Ted =>|