Closed Bug 132214 Opened 22 years ago Closed 22 years ago

Mozilla can't find certificate for new S/MIME signed mails

Categories

(MailNews Core :: Security: S/MIME, defect, P3)

1.0 Branch
defect

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 115294
Future

People

(Reporter: andrew.treloar, Assigned: ssaux)

Details

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:0.9.9+) Gecko/20020319
BuildID:    2002031903

I have a certificate I imported from Netscape 4.7X. This cert has as its CA an
internal CA within my organisation. The cert is valid until March next year, and
says it can be used for Signing. The cert is visible in my Personal Certificate
database. When I try to send a signed message, I get an error.

Reproducible: Always
Steps to Reproduce:
1. Trash Certificates7 and Key Database 3 under my Profile
2. Start Mozilla
3. Visit a page signed by the internal CA to get a copy of the CA's signing cert
4. Say I trust this cert
5. Import my personal certificate
6. Turn on digital signing of emails under Preferences using my Personal Cert
7. Create and send a signed email

Actual Results:  I get this error:

Sending of message failed.
You requested to sign this message, but the application failed to find an
encryption cert to include in the signed message or the certificate has expired.

Expected Results:  Sent the signed email.
>S/MIME. Reporter, with the Mail/News window open, select Edit>Mail/News prefs, 
security. Select a cert for BOTH signing and encrypting, and try sending signed 
email again.
Assignee: mstoltz → ssaux
Status: UNCONFIRMED → NEW
Component: Security: General → S/MIME
Ever confirmed: true
Product: MailNews → PSM
QA Contact: junruh → alam
Version: other → 2.2
The only certificate I am issued by my organisation is a *signing* only cert.
When I try to use it for encryption (as suggested) it doesn't show up in the
list of available certs. Therefore I can't try what you have asked.
It appears that we will not support your configuration in the immediate future.

Mozilla will require that you have one cert suitable for both signing and
encryption, or two certs, one for each purpose.

We keep this bug open to see how many people are in your case.

You can go and get a VeriSign or Thawte cert, and use that cert for encryption.

That's your workaround.
Severity: major → normal
Priority: -- → P3
Target Milestone: --- → Future
I had the same problem, using a Thawte FreeMail certificate.
Mozilla does not recognize it as an encrypting one, so it does not let me sign.
QA Contact: alam → carosendahl
I just installed the latest commercial bits from 1.0 (on my home Win2k laptop).
Using my old profile, I then went to http://certificates, and obtained a user
certificate. I then went to mail/news settings for my Netscape account, selected
the single cert for signing, and clicked the box to sign by default. I tried to
send a signed email. It failed, with the following message:

Sending of message failed

You specified that this message should be digitally signed, but the application
either failed to find an encryption certificate to include in the signed
message, or the certificate has expired.

Last week at work (also win2k) I tried the same, but every time I tried to send
a signed email I got a crash instead.

I am able to read S/MIME signed messages from other users, and view the certs.
You need to also configure the encryption cert, even if you do not plan on using
it.  This is a disconnect between the UI and the model that we are aware of.

Once both signing and encryption are configured, you will be able to use the
S/MIME feature within mail.
Thanks Charles, it is working now. I hope this will be fixed, though. I had NO
IDEA I would need to do this; the UI does not even hint at this: signature and
encryption are clearly separate issues according to the UI.
Adding our UE poobah.
I think this is a flaw in Mozilla's S/MIME implementation. There is no
requirement for the S/MIME signature to include the sender's encryption 
certificate when sending a signed e-mail. Mozilla should include the encryption 
certificate if one exists, but it should not complain if it is missing - it 
should just sign the message without including an encryption certificate in the 
signature.
OS: MacOS X → All
Hardware: Macintosh → All
See also bug 115294.
I agree with comment #9. There should be no necessary relationship between
having and using either a signing cert or an encryption cert. One should be able
to sign without encrypting (and encrypt without signing).

*** This bug has been marked as a duplicate of 115294 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.2 → 1.0 Branch
Product: Core → MailNews Core
QA Contact: carosendahl → s.mime