1320526 - FF should be able to import (client) certificates using profile import from internet explorer

Status: RESOLVED WONTFIX

(Firefox :: Migration, defect)

Description

[Ikonta]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20160925183607

Steps to reproduce:

Initial point is Internet Explorer (11, but version should not matter) with some bookmarks and default settings installed client certificate (unexportable key).

I want to migrate on FF ESR (checked on 45.5.0) with IE profile import.


Actual results:

Import procedure looks succeed (no warning messages), but incomplete.
Client certificate(s) was silently skipped.


Expected results:

FF must check about valid (not expired) client certs and warn user about skipping them in default settings.

In non-default (when key is marked exportable) it should import client certificate.
Last scenario I've don't checked yet.

Comment 1

[:Gijs (he/him)]

We don't support importing (client) certificates from IE (or any other browser).

I don't think we should invest in this. I'm even skeptical I would take a patch for it, as the code would likely just bitrot and break. Dolske, thoughts?

Comment 2

[Justin Dolske [:Dolske]]

Concur. We shouldn't do this work unless there's clear data showing that there are a significant number of users using client certs (in other browsers), and that importing those certs is critical to those users having an acceptable experience when starting to use Firefox.

[And then there's the technical issue of if it's even possible to do this.]