Closed Bug 119641 Opened 23 years ago Closed 23 years ago

can't send digitally signed messages

Categories

(MailNews Core :: Security: S/MIME, defect)

Product:
MailNews Core
Component:
Security: S/MIME
Version:
1.0 Branch
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED WORKSFORME

People

(Reporter: patrick.hendriks+bugzilla, Assigned: ssaux)

Details

From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:0.9.7+) Gecko/20020111 BuildID: 2002011103 after the fixing of bug 117714 , at least now mozilla allows me to select a certificate to use for digitally signing my e-mail. However, when attempting to send signed e-mail I get "sending of message failed you requested to digitally sign the message but the application failed to find the signing certificate you specified in your Mail/News account preferences or the certificate has expired" My Certificate expires 9/10/2002 and since i was able to specifiy a certificate in my Mail/News settings, it means that Mozilla could find the certificate before, right? Reproducible: Always Steps to Reproduce: 1.installed a certificate 2.selected it in the Mail/News setting under Security for my e-mail address 3.checked the box for DIGITALLY SIGN 4. create a test message, with the sign option enabled, click SEND Actual Results: "sending of message failed you requested to digitally sign the message but the application failed to find the signing certificate you specified in your Mail/News account preferences or the certificate has expired" Expected Results: it would send the message Mail account is IMAP, certificate is from thawte.com
->PSM S/MIME
Assignee: mstoltz → ssaux
Component: Security: General → S/MIME
Product: MailNews → PSM
QA Contact: junruh → alam
Version: other → 2.2
Does the certificate validate? Go to the certificate manager (prefs->security->certificates) Look at the Mine tab. Your certificates should say "true" in the "Verified" column. If they don't say true, that's probably because the Issuer (Certificate Authority) cert is missing from your database or is untrusted. You determine that it's missing if when you view the certificate and go to the "Details" tab, the Certificate hierarchy doesn't chains up to a root (you can select each one in the hierarchy and see the detail for that cert). If you don't have the certificate get to the issuer for the certificate. They should have a link that allows you to load it. If it appears that you have a certificate hierarchy, then jot down the CA cert names, then go to the CA tab of the certificate manager. Locate the ca certs, and examine their trust bit (Edit), and set the trust bits appropriately. Note that its enough to trust the root, and let any intermediate ca inherit the root trust bits.
thanks stephane, that did the trick! It seems that "Thawte Personal Freemail RSA" and "Thawte Personal Freemail CA" by default have all trust bits unchecked. Is there a reason behind this, or should it be changed in Mozilla?
You've probably hit another bug which causes the trust bits of a built in objects to be overwritten when one imports a certificate from a p12 file. When you created a p12 file, your cert and the entire chain up to and including the Thawte root was saved. When you imported it to your database, the bug caused a copy of the root to be made in the software security device, and the trust were not set. Because the cert stored in the ssd will be found before the one in the built-in object the trust are not set. There's a bug number out there. I'm aware of it and it will be fixed independently. Marking works for me.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
Verified worksforme.
Status: RESOLVED → VERIFIED
QA Contact: alam → junruh
Product: PSM → Core
Version: psm2.2 → 1.0 Branch
Product: Core → MailNews Core
QA Contact: junruh → s.mime
You need to log in before you can comment on or make changes to this bug.