Open Bug 459845 Opened 16 years ago Updated 2 years ago

Cannot import a CA certificate

Categories

(Firefox :: Settings UI, defect)

Product:
Firefox
Component:
Settings UI
Platform:
x86
Windows Vista
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: mormegil, Unassigned)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; cs; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; cs; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 (.NET CLR 3.5.30729)

I tried to import our company CA certificates. We use a two-level setup – Root CA (self-signed), Server CA (signed by Root CA). The Root CA certificate imported fine, but when importing the Server CA, nothing happens (no error message, but the certificate does not appear in the list, either). The error console displays the following error:

Chyba: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIX509CertDB.importCertsFromFile]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: chrome://pippki/content/certManager.js :: addCACerts :: line 557"  data: no]

Reproducible: Always

Steps to Reproduce:
1. Open Tools/Options.
2. On Advanced/Encryption, click on the Certificates button.
3. On the Authorities tab, click on the Import button.
4. Select the Server CA certificate, click Open.
5. Check all purposes (or not, it seems not to have any impact on this error) and click OK.
Actual Results:  
Nothing happens – the certificate manager comes back without any error message, but the certificate is not in the list (and this can be repeated any number of times). The error console contains the abovementioned message.

Expected Results:  
The certificate should have been imported (or an error message displayed).

Note that if I view the certificate in the step #5 above, I can see it correctly, including its already imported issuer (our Root CA).
I have the same problem with 2 certificates from https://zertifikate.allgeier.com/pages/cas

In german Thunderbird 3.1.2 under german WinXP with SP3 and all current updates
Signtrust CERT Class 2 CA 4:PN produces an errormessage that translates to something like "certificate could not be verified for unknown reasons"

Signtrust CERT Class 2 CA 3:PN wouldn't install.
before renaming cert8.db it would produce the following error in the errorconsole:
Fehler: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIX509CertDB.importCertsFromFile]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://pippki/content/certManager.js :: addCACerts :: line 557" data: no]

after renaming cert8.db the error changed to:
Fehler: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIX509CertDB.importCertsFromFile]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://pippki/content/certManager.js :: addWebSiteCert :: line 613" data: no]

In german Firefox 3.6.8 the last certifikate produces an errormessage in the errorconsole too:
Fehler: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIX509CertDB.importCertsFromFile]
Quelldatei: chrome://pippki/content/certManager.js
Zeile: 613

In windows the certificates install ok and the certificate I manually save from an e-mail I got verifies ok.
It works!
On Thunderbird 3.1.7 i can import the current Rootcertificates from https://zertifikate.allgeier.com/pages/cas - and all works fine.
 ==>Please try it again with the actual certs.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.