On 09/12/2011 07:04 AM, Ferry Toth wrote: > I think you missed the following points in my story: > - the CA certificate is generated internally. This means we are CA for > our own certificates. They are not blacklisted by FF. > - to be validated we manually add the CA certificate ourselves to FF and > windows certificate store). > - FF shows the certificates are valid (linux) and so does IE (windows). > The certificates are NOT blocked. > - LO under ubuntu shows the user certificate is invalid because the CA > is not in the path (this is new) > - LO under windows works fine (yes with the security update installed > that removes diginotar)
I suggest you file a bug report on launchpad against Ubuntu's LO (ULO) version: https://bugs.launchpad.net/ubuntu/+source/libreoffice You might also install standard LO (you can do this without affecting ULO) and test to see if that is broken also. If so then you can file a bug report on bugzilla: http://wiki.documentfoundation.org/BugReport Perhaps you are experiencing this bug: https://bugs.freedesktop.org/show_bug.cgi?id=39825 [Does not find Firefox profile for digital certificate signing] The recent certificate bugs/updates are: http://www.ubuntu.com/usn/usn-1197-3 http://www.ubuntu.com/usn/usn-1197-1 https://launchpad.net/bugs/838322 http://www.ubuntu.com/usn/usn-1197-4 http://www.ubuntu.com/usn/usn-1197-1 http://www.ubuntu.com/usn/usn-1197-3, https://launchpad.net/bugs/837557 So it's quite possible that one (any) of those may have also cause breakage in ULO. > > Op maandag 12-09-2011 om 13:07 uur [tijdzone +0100], schreef Dave > Sergeant: >> On 12 Sep 2011 at 10:52, Ferry Toth wrote: >> >> > Since years we use digital signatures to sign our documents and protect >> > them from inadvertent modifications. >> > >> > The CA certificate is one generated internally. >> > >> > Now on linux (ubuntu natty) the certificates are stored by firefox and >> > since a recent upgrade to firefox 6.0.2 LO complains that the >> > certificate cannot be validated. This happen even right after adding the >> > signature. >> > >> > Apparently the root certificate cannot be found by LO. >> > >> > However, in firefox both personal and CA certificate validate fine. >> > >> > Switching to windows LO does validate the certificate fine (but there >> > the certificates are stored elsewhere). >> > >> > It look like something changed in FF that broke the digital signing in >> > LO. Or is it a configuration issue on my side? >> > >> >> This one is easy to answer. Due to an issue with fraudulent >> certificates from the Dutch company Diginotar, Firefox has removed the >> Diginotar root certificate from its certificate store. Other browsers >> have acted similarly, ie there was a Windows update to achieve the same >> on IE. Since you are based in the Netherlands I guess your documents >> are validated against Diginotar certificates. See >> http://en.wikipedia.org/wiki/DigiNotar >> >> For many of us not in your country we have never encountered a >> Diginotar certificate and it was not even in my certificate store in >> Opera. >> >> Not sure what the answer is, but this seems to be a case of unexpected >> consequences of a fairy radical update to Firefox. Your internal >> certificates are clearly properly issued, and to block them because of >> a few fraudulent ones you are only going to encounter on dodgey sites >> seems a bit OTT. >> >> Dave >> >> >> http://www.davesergeant.com >> >> > > > -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
