Closed
Bug 132214
Opened 22 years ago
Closed 22 years ago
Mozilla can't find certificate for new S/MIME signed mails
Categories
(MailNews Core :: Security: S/MIME, defect, P3)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 115294
Future
People
(Reporter: andrew.treloar, Assigned: ssaux)
Details
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-US; rv:0.9.9+) Gecko/20020319 BuildID: 2002031903 I have a certificate I imported from Netscape 4.7X. This cert has as its CA an internal CA within my organisation. The cert is valid until March next year, and says it can be used for Signing. The cert is visible in my Personal Certificate database. When I try to send a signed message, I get an error. Reproducible: Always Steps to Reproduce: 1. Trash Certificates7 and Key Database 3 under my Profile 2. Start Mozilla 3. Visit a page signed by the internal CA to get a copy of the CA's signing cert 4. Say I trust this cert 5. Import my personal certificate 6. Turn on digital signing of emails under Preferences using my Personal Cert 7. Create and send a signed email Actual Results: I get this error: Sending of message failed. You requested to sign this message, but the application failed to find an encryption cert to include in the signed message or the certificate has expired. Expected Results: Sent the signed email.
Comment 1•22 years ago
|
||
>S/MIME. Reporter, with the Mail/News window open, select Edit>Mail/News prefs,
security. Select a cert for BOTH signing and encrypting, and try sending signed
email again.
Assignee: mstoltz → ssaux
Status: UNCONFIRMED → NEW
Component: Security: General → S/MIME
Ever confirmed: true
Product: MailNews → PSM
QA Contact: junruh → alam
Version: other → 2.2
Reporter | ||
Comment 2•22 years ago
|
||
The only certificate I am issued by my organisation is a *signing* only cert. When I try to use it for encryption (as suggested) it doesn't show up in the list of available certs. Therefore I can't try what you have asked.
Assignee | ||
Comment 3•22 years ago
|
||
it appears that we will not support your configuration in the immediate future. Mozilla will require that you have one cert suitable for both signing or encryption, or two certs, one for each purpose. We keep this bug open to see how many people are in you case. You can go and get a verisign or thawte cert, and use that cert for encryption. That's your workaround.
Severity: major → normal
Priority: -- → P3
Target Milestone: --- → Future
Comment 4•22 years ago
|
||
I had the same problem, using Thawte FreeMail certificate, mozilla do not recognize it as an ecrypting one, so do not let me sign.
Updated•22 years ago
|
QA Contact: alam → carosendahl
I just installed the latest commercial bits from 1.0 (on my home Win2k laptop). Using old profile, I then went to http://certificates, and obtained a user certificate. I then went to mail/news settings for my Netscape account, seleced the single cert for signing, and clicked the box to sign by default. I tried to send a signed email. It failed, with following message: Sending of message failed You specified that this message should be digitally signed, but the application either failed to find an encryption certificate to include in the signed message, or the certificate has expired. Last week at work (also win2k) I tried the same, but every time I tried to send a signed email I got a crash instead. I am able to read S/MIME signed messages from other users, and view the certs.
Comment 6•22 years ago
|
||
You need to also configure the encryption cert, even if you do not plan on using it. This is a disconnect between the UI and the model that we are aware of. Once both signing and encryption are configured, you will be able to use the s/mime feature within mail.
Thanks Charles, it is working now. I hope this will be fixed, though, I had NO IDEA I would need to do this, the UI does not even hint to this: signature and encryption are clearly separate issues according to the UI.
Comment 8•22 years ago
|
||
Adding our UE poobah.
Comment 9•22 years ago
|
||
I think this is a flaw in mozilla's S/MIME implementation. There is no requirement for the S/MIME signature to include the sender's encryption certificate when sending a signed e-mail. Mozilla should include the encryption certificate if one exists, but it should not complain if it is missing - it should just sign the message without including an encryption certificate in the signature.
Updated•22 years ago
|
OS: MacOS X → All
Hardware: Macintosh → All
Comment 10•22 years ago
|
||
See also bug 115294.
Reporter | ||
Comment 11•22 years ago
|
||
I agree with comment #9. There should be no necessary relationship between having and using either a signing cert or an encryption cert. One should be able to sign without encrypting (and encrypt without signing).
Comment 12•22 years ago
|
||
*** This bug has been marked as a duplicate of 115294 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•