Closed Bug 140153 Opened 23 years ago Closed 20 years ago

[UE] Need a method to alter CA trust upon user cert import

Categories

(MailNews Core :: Security: S/MIME, defect, P3)

Product:
MailNews Core
Component:
Security: S/MIME
Version:
1.0 Branch
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 143078

People

(Reporter: mscott, Unassigned)

Details

(Whiteboard: [kerh-eha])

Attachments

(1 file)

screen shot of the blank security picker dialog
66.49 KB, image/jpeg
Details
Using 2002042403, TRUNK. I just tried to sign a message and got an error on send. When I went to my account settings and clicked on the Security panel, it listed my AOL cert correctly. However when I clicked on the select button, I got a blank dialog, it didn't show any certs in it. This is my primary profile which I've used in the past to send signed & encrypted messages so I know I have a valid cert. I'll attach a screen show showing what the blank dialog looks like.
This is probably invalid. I just discovered that my certificate expired yesterday. However we should probably handle it differently so I'll leave this bug open (but it's not severe) 1) We still list the cert in the security panel making you think you have a cert ready to go. 2) the empty cert picker dialog looks a little weird without anything in it. I wonder if we could tell you go get a certificate instead of showing that empty combo box.
Expired certs appear as invalid in the Cert Manager (or they should...) If this is not so, then it is a regression. Will modify bug 136948 to include the word 'valid'
I get an 'Unable to sign message' error trying to send any signed message, and I just got a new cert today. The message security dialog says that the status is valid, but when I view it, the Cert Viewer dialog says "Could not verify this cert because the CA cert is invalid". I have no idea what it is talking about. If the certs are bad, why does it let me sign the message, and fail only on sending?
Who did you get the cert from? Also, under preferences->security->certificates->managecertificates, check the CA tab, find the CA cert that signed your cert (either the root or intermediary) and edit the cert. if the boxes are all unchecked, check the trust boxes and see if this corrects the problem. let us know if this works. Also let us know who the CA was, and any other information related to the profile you were using (new, existing) at the time.
Problem was apparently that the CA (GTE Intranet Cert Auth) that I guess was pre-installed, had all trust settings disabled. Once I enabled 'id mail users', I was able to send signed messages.
Might be a usability issue, wherein when a certificate is imported into the Cert Manager, we prompt the user to review/edit the CA trust levels if the signing CA (or all in the chain) are untrusted for one or more purposes). Not sure how to go about this yet, so adding a [UE] and filing. Changing summary to 'Need a method to alter CA trust upon user cert import'
Summary: Unable to send signed messages → [UE] Need a method to alter CA trust upon user cert import
May want to add a note to doc too (if it isn't there already ;-)), cc lorikaplan & jatin
Sean Cotter handles security and privacy documentation... adding him to the CC: list.
Target Milestone: --- → Future
Fixing this would prevent problems as described in bug 149342
Keywords: nsbeta1
OS: Windows 2000 → All
Priority: -- → P3
Hardware: PC → All
Version: 1.01 → 2.3
Mass reassign ssaux bugs to nobody
Assignee: ssaux → nobody
Mass change "Future" target milestone to "--" on bugs that now are assigned to nobody. Those targets reflected the prioritization of past PSM management. Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
Product: PSM → Core
I see two separate requests mentioned in this bug: a) Ability to trust a CA cert on user cert import. Actually we should help the user in some way, find out whether we have a trusted CA, if not, open a dialog and inform the user etc. As this bug currently has this request in its summary, let's to this here. b) The initial complaint mentioned in this bug report. I filed bug 316062 for that one.
Whiteboard: [kerh-eha]
*** This bug has been marked as a duplicate of 143078 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Version: psm2.3 → 1.0 Branch
Product: Core → MailNews Core
QA Contact: carosendahl → s.mime
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: