User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0 Build ID: 20150525110815 Steps to reproduce: I use amd64 Gentoo build of www-client/firefox-31.7.0. To reproduce this issue you need CA certificate and three client certificates, vrified by this CA. First time: start FF and import two of client certificates. After that quit FF and start it again. Goto certificate manager, remove one of previously imported certificates and import the rest one. Actual results: After typing passphrase I've seen apeeared not only the imported certificate item, but also the deleted one! Expected results: I expect, just imported certificate appear into list, without returning deleted one. P.S. Cache cleane probably will be a workaround.
Issue was confirmed in recent ESR (38.2.1).
Version: 31 Branch → 38 Branch
Any public CA certificate and three client certificates to test that?
AFAIK _restricted_ (!) client certs are incompatibe with public CA model. I don't work with Webmoney (and I don't know other widely known public service, which uses client certificate authentication), but AFAIK even then Certification Authority uses some kind of custom CA certificate. Maybe by issuing intermediate CA… But it stays question about CRL. I can attach example certs files or, better, because generated by different versions of OpenSSL certs differ (gnutls not tested at all yet), to describe procedure somewhere in wiki or better in forum (somebody who knows English better is welcome to mergi it into wiki). But just now I've find another way to check this bug: 1. Import CA or start FF with imported example test CA certificate. You can get any of such, for example from bug #1202636. 2. Delete this CA certificate. 3. Try to import it again. After step 3 you'll get error message "certificate already imported", although it is not only imported, but already deleted.
Created attachment 8660643 [details] ca.crt Attaching chain's root (custom CA) to show originally described issue.
Thanks for filing the report. This looks like the same basic issue described in Bug 435159.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Summary: incomplete deletion of client certificate → Importing a cert immediately after deleting it in the cert mgr does not work
Duplicate of bug: 435159
You need to log in before you can comment on or make changes to this bug.