Closed
Bug 140153
Opened 22 years ago
Closed 19 years ago
[UE] Need a method to alter CA trust upon user cert import
Categories
(MailNews Core :: Security: S/MIME, defect, P3)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 143078
People
(Reporter: mscott, Unassigned)
Details
(Whiteboard: [kerh-eha])
Attachments
(1 file)
66.49 KB,
image/jpeg
|
Details |
Using 2002042403, TRUNK. I just tried to sign a message and got an error on send. When I went to my account settings and clicked on the Security panel, it listed my AOL cert correctly. However when I clicked on the select button, I got a blank dialog, it didn't show any certs in it. This is my primary profile which I've used in the past to send signed & encrypted messages so I know I have a valid cert. I'll attach a screen show showing what the blank dialog looks like.
Reporter | ||
Comment 1•22 years ago
|
||
Reporter | ||
Comment 2•22 years ago
|
||
This is probably invalid. I just discovered that my certificate expired yesterday. However we should probably handle it differently so I'll leave this bug open (but it's not severe) 1) We still list the cert in the security panel making you think you have a cert ready to go. 2) the empty cert picker dialog looks a little weird without anything in it. I wonder if we could tell you go get a certificate instead of showing that empty combo box.
Comment 3•22 years ago
|
||
Expired certs appear as invalid in the Cert Manager (or they should...) If this is not so, then it is a regression. Will modify bug 136948 to include the word 'valid'
Comment 4•22 years ago
|
||
I get an 'Unable to sign message' error trying to send any signed message, and I just got a new cert today. The message security dialog says that the status is valid, but when I view it, the Cert Viewer dialog says "Could not verify this cert because the CA cert is invalid". I have no idea what it is talking about. If the certs are bad, why does it let me sign the message, and fail only on sending?
Comment 5•22 years ago
|
||
Who did you get the cert from? Also, under preferences->security->certificates->managecertificates, check the CA tab, find the CA cert that signed your cert (either the root or intermediary) and edit the cert. if the boxes are all unchecked, check the trust boxes and see if this corrects the problem. let us know if this works. Also let us know who the CA was, and any other information related to the profile you were using (new, existing) at the time.
Comment 6•22 years ago
|
||
Problem was apparently that the CA (GTE Intranet Cert Auth) that I guess was pre-installed, had all trust settings disabled. Once I enabled 'id mail users', I was able to send signed messages.
Comment 7•22 years ago
|
||
Might be a usability issue, wherein when a certificate is imported into the Cert Manager, we prompt the user to review/edit the CA trust levels if the signing CA (or all in the chain) are untrusted for one or more purposes). Not sure how to go about this yet, so adding a [UE] and filing. Changing summary to 'Need a method to alter CA trust upon user cert import'
Summary: Unable to send signed messages → [UE] Need a method to alter CA trust upon user cert import
Comment 8•22 years ago
|
||
May want to add a note to doc too (if it isn't there already ;-)), cc lorikaplan & jatin
Comment 9•22 years ago
|
||
Sean Cotter handles security and privacy documentation... adding him to the CC: list.
Updated•22 years ago
|
Target Milestone: --- → Future
Comment 10•22 years ago
|
||
Fixing this would prevent problems as described in bug 149342
Comment 12•20 years ago
|
||
Mass change "Future" target milestone to "--" on bugs that now are assigned to nobody. Those targets reflected the prioritization of past PSM management. Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
Comment 13•19 years ago
|
||
I see two separate requests mentioned in this bug: a) Ability to trust a CA cert on user cert import. Actually we should help the user in some way, find out whether we have a trusted CA, if not, open a dialog and inform the user etc. As this bug currently has this request in its summary, let's to this here. b) The initial complaint mentioned in this bug report. I filed bug 316062 for that one.
Whiteboard: [kerh-eha]
Comment 14•19 years ago
|
||
*** This bug has been marked as a duplicate of 143078 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•