Open Bug 1169926 Opened 9 years ago Updated 2 years ago

Self-signed root ca certificate import failed without warning before system restart

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
31 Branch
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: typewriter.typogeek, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Iceweasel/31.7.0
Build ID: 20150513015018

Steps to reproduce:

On Debian Jessie - Thunderbird/Icedove ver=31.7.0 os=Linux buildid=20150518225225
I could not import the following self-signed root ca certificate before a system-restart:
http://ca.it-economics.de/it-economics_CA.crt
x509 cert in PEM format


Actual results:

Imported certificate into Firefox/Iceweasel 31.7.0 successfully and added usage property flags for mail and website validation.

Exported certificate into availible different formats (PEM, PKCS7, DER), then (after adding missing adequate  file extensions) trying to import into Iceweasel, which kept failing without warning or comment.

Downloading the .crt file and/or renaming to .cer and trying to import directly into Iceweasel ended with same results, no warning or comment showed up. 
CA- and usage flags were present. 
Gave up after spending several hours and trying different cert format iterations.

Re-trying after restart today suddenly all of the above methods worked - but I had to set the cert usage flags newly, when importing into Iceweasel. 

I was not able to respond to a mail with S/MIME certificate based on that root ca cert until now.


Expected results:

At least directly importing the downloaded .crt file into Iceweasel should have worked without problems, or after usage flags were set manually.
A warning popup about why import was failing is to be expected.
Sorry for the mistake - the problem above applies to the IceDOVE mail client not Iceweasel, of course. 

If I understand correctly, since TB 31.2 this bug should be fixed and not apply anymore:
https://bugzilla.mozilla.org/show_bug.cgi?id=1036338

Between the failing and successful retry, I've also removed and re-imported the previously successfully loaded cert in Iceweasel's certificate manager, if that's of any importance.
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.