Hello guys,
I have contacted Rainbow Technologies and they have advised me that the middleware that is currently used with the iKey 2032 is not supported in Mozilla.
Just to clarify though, I have imported the certs into the Certificate store ok, imported the CA and OCA's as required, ensured the correct e-mail address is in the mail profile and also on the cert and the issue persists (issue being 'Certificate Manager can not locate a valid certificate that can be digitally used to sign your messages').
But it does work ok for the iKey 3000 series and its middleware.
Thanks for all your help.
Jason
| Nelson B Bolyard <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED] 27/11/2004 12:57 PM
|
To: [EMAIL PROTECTED] cc: Subject: Re: Issue with Mozilla 1.7.3 Classification: |
[EMAIL PROTECTED] wrote:
>
> Question:
>
> I am attempting to encrypt and sign e-mails with a Rainbow iKey2032 in
> Mozilla 1.7.3. I have loaded on the PKCS#11 module and when I try to
> import the certificates within mail
import the certificates within mail?
AFAIK, certs are not imported within mozilla's email UI. Certs are
imported by mozilla's certificate manager. You start the cert amanger
by going to Edit -> Preferences -> "Private & Security" -> "Certificates"
and bonking the "Manage Certificates" button.
Certs only need to be imported if they are not already in your iKey and
also are not in your browser's cert DataBase. If your personal signing
and/or encryption certs are already on your token, you don't need to
import them, otherwise, you need to import them into the iKey.
If the cert for the CA that issued your cert is already in your iKey OR
in mozilla's cert DataBase, then you don't need to import it, otherwise
you need ti import it into either (a) your iKey or (b) your copy of
mozilla's cert DB.
If your cert was not issued by one of the public CAs that is already
known to mozilla (recorded in mozilla's store of trusted CA certs) then
you need to mark the root issuer CA for your cert as trusted for email.
Finally, you need to select your default signing and encryption cert(s)
in the "mail and newsgroup account settings", under "security".
> it comes up with the error:
> 'Certificate Manager can not locate a valid certificate that can be
> digitally used to sign your messages' (this is when I attempt to import
> the signing cert, but this also happens when I try to import the
> encryption cert).
Hmm. That message ought to occur when you attempt to sign a message, if
you don't have a validated cert chosen for signing. I've never seen it
happen when you're importing a cert.
> I have done a bit of reading and I have found out that the iKey software
> (which would include the relevant module) is not supported in Netscape
> versions above 6.0/6.1.
Not supported by whom? Please cite a reference URL for that information.
> Does this incompatibility also apply to Mozilla?
If the iKey PKCS11 module (software) supports PKCS11 version 2.0 (or later)
properly, then it should work with mozilla.
> Jason Conomos
If you need further help, we could help you more if you tell us this info:
a) what CA issued your cert?
b) what certs are already in your iKey, if any?
/Nelson
_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
****************************************************************
NOTICE - This message is intended only for the use of the
addressee named above and may contain privileged and
confidential information. If you are not the intended recipient
of this message you are hereby notified that you must not
disseminate, copy or take any action based upon it. If you
received this message in error please notify HIC immediately.
Any views expressed in this message are those of the individual
sender, except where the sender specifically states them to be
the views of HIC.
****************************************************************
