Closed Bug 126539 Opened 24 years ago Closed 24 years ago

IMAP SSL no longer works after setting up for digital signing

Categories

(MailNews Core :: Security: S/MIME, defect)

Product:
MailNews Core
Component:
Security: S/MIME
Version:
Other Branch
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
VERIFIED INVALID

People

(Reporter: lchiang, Assigned: ssaux)

Details

IMAP SSL no longer works after setting up for digital signing Win32 build 2002-02-12 Background: My account setting for one of my mail accounts is to use IMAP over SSL. I have mail set to launch upon startup. I always get prompted for my digital certificate password when logging into mail, which is correct behavior. Here is what I did today: 1. Account Setting dlg | Security section. I chose my digital certificate and enabled the checkbox for signing messages. (For the encryption setting, I also chose my certificate and enabled the checkbox for Never to encrypt.) 2. Exit and restart the application 3. For mail login, I am no longer prompted for my digital certificate password. Instead, I am prompted for my regular IMAP password. 4. I've verified that this happens even if I go back and uncheck the checkbox to digitally sign mail. I also verified that the IMAP SSL checkbox is still checked. To make sure that this wasn't an issue on the server end, I launched Netscape 6.2.1 (which doesn't understand any of the S/MIME prefs, I assume) and using the same profile as above, I was prompted for my digital certificate at mail login. BTW, can you tell me how to correct/workaround this bug? I want to go back to use IMAP SSL.
Nominate nsbeta1. IMAP SSL needs to be able to co-exist with digital signatures.
Keywords: nsbeta1
lisa, It's working for me, and I think I know what's going on: Go to prefs->sec&priv->certificates->manager certs You probably have more than one cert for yourself. One if the Intranet Certificate Authority (i.e., aol) cert, and the other is (let me guess, testca.netscape.com?, verisign?). The mail servers are configured to ask the client for "a cert suitable for signing", where they would problably better be configured to ask the client for "a cert suitable for signing, issued by the intranet certificate authority". Because you have more than one cert and your prefs->sec&priv->certificate pref is set to "choose automatically", the client chooses the most recently issued cert among those that match the server request. In your case, that's probably the "other" cert, which the server doesn't like. Ok Here's what you should do: 1) best: use the intranet cert for signing/encryption. Delete the other one (do you really need it? Export it just in case). 2) You really need that other cert. then change your pref to ask everytime, and make sure you select the right one when you log in to the mail server. Give me call, if this doesn't work or you need my help.
This is really not very user friendly :-) I have two certificates which are active, both have the same expiration date and both are signed by Intranet Certificate Authority. However, under the "Purpose" column, one shows "Server, Encrypt" and the other shows "Sign". I don't know which one to delete.
Very strange. I just exited and restarted after selecting "choose automatically" for me to pick a cert. Now, I don't see my two certs which are valid any longer.
i will mark this invalid unless we can reproduce with a new profile, from scratch. I had to remove the cert7.db, key3.db, and secmod.db and then re-imported my backup certs to fix this. The interesting thing is that using a signed cert trigged this bug to show up.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → INVALID
Verified invalid.
Status: RESOLVED → VERIFIED
QA Contact: alam → junruh
Product: PSM → Core
Product: Core → MailNews Core
QA Contact: junruh → s.mime
You need to log in before you can comment on or make changes to this bug.