Closed Bug 128409 Opened 23 years ago Closed 9 years ago

Certificates and keys are no longer visible with NSS 3.4

Categories

(Core Graveyard :: Security: UI, defect, P3)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: markus.bitterli, Unassigned)

References

Details

(Whiteboard: [kerh-brz])

I have a smartcard which works fine with the 0.98 version of Mozilla. On this smartcard are stored two user certificates with their corresponding keys and two CA certificates. The two user certs and keys can be used for e-mail signing and web authentication without any problem. Since the newest nigthly builds, I assume since NSS 3.4, none of the certificates is visible and therefore are no longer useable. I have deleted several times the cert and security db without any effect. For me it is important that the smartcard will work together with Mozilla. Therefore I will provide additional information as soon as somebody tells me what is needed. With kind regards, Markus Bitterli
Report, is this a dupe of bug 99610? What happens when you try client auth after selecting Edit>Prefs>Privacy>Certs>Ask Every Time?
The result is the same the certs are not usable, but since every thing worked fine with the 0.98 version I am not sure wheter it is the same. Actually I got the following error message when I set it to "Ask every time" and tried to access a server which requiers client authenticatino with certificastes: "servername.domain received an incorrect or unexpected message. Error Code: -12227"
In a newer build, that error would state instead of a number, "SSL peer was unable to negotiate an acceptable set of security parameters." Under Edit>Prefs>Privacy>SSL, make sure all of the ciphers are available.
They are all enabled.
Is this still happening with daily builds? Have you tried a new profile?
Priority: -- → P3
Target Milestone: --- → 2.2
I experienced the same problem when upgrading from Mozilla 0.9.8 to 0.9.9 (Build 20020311). The 3 certificates on the smart card are no longer visible. This not only affects web authentication, but it also prevents selecting one of the certificates for signing email. The certificates were visible from Mozilla 0.9.8 and web authentication and email signing were possible. I have tried this with a pre-exsisting profile and with a new one. With the pre-existing profile, even though the signing certificate did not show up, it was still possible to sign email because the signing certificate had been selected previously in Mozilla 0.9.8. With the new profile, it was not possible to select one of the smart card certificates for web authentication or signing. I am using an ActivCard reader with ActivCard Gold 2.1.0 middleware. The card reader and middleware are functioning correctly and I am able to view the three certificates on the card using ActivCard Gold utilities and Netscape 4.79 with or without PSM.
I've tested it again with Build 2002040314 and a new profile and it is still the same.
Reporter, what if you specifically log in to the hardware device ahead of time? Edit>Prefs>Privacy>Certs>Manage Security Devices. Click on your device, then on Log In. Can you see and use the certs on the card then?
I can't do that, since the smart card tells the software that it has no password to open it. The reason for that is that it makes no sense that every single application knows the password to the smartcard. Therefore a smartcard specific application opens the card and from then on it tells the applicaiton that there is no password needed.
nsbeta1
Keywords: nsbeta1
Version: 1.01 → 2.3
Can somebody tell me what the date of the target milestone 2.2 is?
Fixing this depends on bug 135303.
Status: UNCONFIRMED → NEW
Component: Daemon → Client Library
Depends on: 135303
Ever confirmed: true
Target Milestone: 2.2 → 2.3
No longer depends on: 135303
the fixes are on the tip of NSS. The tip of NSS is not used by either the mozilla trunk or the 1.0.0 branchy. The plan is to get the tip of NSS to the trunk of Mozilla by moving the tag, but only when we think NSS is stable enough. Once that is done we must get the tag merged onto the branch is we want MachV to have these changes.
Blocks: smartcard
Depends on: 135303
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Product: PSM → Core
Do we still have this problem?
Whiteboard: [kerh-brz]
changing obsolete psm* target to --- (unspecified)
Target Milestone: psm2.3 → ---
QA Contact: junruh → ui
Version: psm2.3 → 1.0 Branch
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → INCOMPLETE
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.