Hi,

[I erroneously posted this message on netscape.public.mozilla.crypto
before]

I have tried a number of things to make Thunderbird import a
certificate and key, with no success. Originally it was in PKCS12
format, issued by my organization as my personal certificate. Whenever
I try to import it, I get the error message "The certificate and
private key already exist on the security device" (which was definitely
not true - it even failed with an empty certificate db).

The certificate was made for signing and came together with another
certificate (made for encryption) with which I had no problems. In the
same package, I also got two CA certs in PKCS12 format which I also
imported happily.

I then converted the certificate to PEM format with openssl. Trying to
import the PEM cert with Thunderbird generated no error message, but
still the imported certificate showed up nowhere. certutil -L also
didn't list it.

Importing the cert into the db with certutil -i, however, worked as far
as certutil itself was concerned (the cert showed up afterwards with
certutil -L). But in the Thunderbird certificate manager, the imported
certificate still wouldn't show up, neither under "personal
certificates" nor anywhere else.

Looking at the certificates with "openssl x509" I found no indication
of anything being wrong with it (but really judging that exceeds my
level of expertise). The only noteworthy thing is that the certificate
was originally generated for import with the CryptoEx Outlook plugin,
and made for signing only:

        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Subject Alternative Name:
                email:[EMAIL PROTECTED]
            X509v3 Extended Key Usage: critical
                E-mail Protection, 1.3.6.1.4.1.311.10.3.12

I tried different Thunderbird versions, latest was 1.5.0.8, with no
difference.

I tried to import these certificates with kmail (Ägypten), and
everything worked fine there.

I'd appreciate any suggestions.

Thanks,
Martin

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
