If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

endless password query when trying to import a password protected self signed pkcs12 file



Core Graveyard
Security: UI
11 years ago
a year ago


(Reporter: Oliver, Assigned: kaie)


1.8 Branch
Windows XP

Firefox Tracking Flags

(Not tracked)




(1 attachment)

2.02 KB, application/octet-stream


11 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/20061204 Firefox/
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv: Gecko/20061204 Firefox/

When trying to import a self signed pkcs12 certificate, the password dialogue
does not accept the correct password silently and produces a query loop
It always asks for the master password of the certificate also if it's correct.

Reproducible: Always

Steps to Reproduce:
1. Extras -> Einstellungen -> Erweitert -> "Zertifikate anzeigen" -> "Ihre Zertifikate" -> Importieren
(english guess: options -> settings -> advanced -> show certificates -> your certificates -> import)
2. choose password protected pkcs12 file
3. type password

Actual Results:  
endless password query

Expected Results:  
import file after the correct password is given

also wrong passwords loop infinite

it works in older firefox releases and IE (bug just affects firefox 2.0)

The major problem resulting from this error is that client certificates
are unable to be imported - but they are needed to access several sites.
Is this a regression between Firefox 2.0 and ?
Assignee: nobody → kengert
Component: Preferences → Security: UI
Product: Firefox → Core
QA Contact: preferences
Version: unspecified → 1.8 Branch

Comment 2

11 years ago
I'm sorry, but it worked with 1.5.x and directly upgraded to 
 - so I'm unable to tell you the behavior under
I tested it on an old computer with Firefox 1.0.5 - and it worked faultless.
But 1.0.5 seems to be relatively old - so I'm not sure, if this helps.

Comment 3

11 years ago
Some colleagues are also using and able to reproduce the error.

Aren't you able to reproduce it?
I don't have a certificate to test with. You can get installers for older versions of Firefox at


where you add the version, and then win32/de/Firefox%20Setup%202.0.exe
Eg, Firefox 2 is

Comment 5

11 years ago
It's impossible... the upgrade to firefox 2 must have changed something in
my profile.. can that be true?

I've used firefox 1.5 before without problems and now I've jumped back
several times til I ended up at firefox 1.0.5 and I'm still unable to
import the certificate. But as I wrote before, it works on an firefox
1.0.5 on another computer and it also fails on the computers of my colleagues
using firefox - so it's not just me.

I've created a test certificate and will upload it so that you are
able to verify the import problems. The password is simply "neon".

Comment 6

11 years ago
Created attachment 250355 [details]
self signed test certificate

for testing the import problem by your side

Comment 7

11 years ago
I can import this file just fine, using the latest Firefox 2.0.x nightly build.

Oliver, please let me ensure that you understood the "master password" concept correctly.

Firefox uses a master password to protect all the certificate and private keys that you own.

The first time when you created such private data, Firefox prompted you to set up the master password (and you had to enter it twice).

When you attempt to import a pkcs12 file, you must first enter the master password - not yet the file password.

If you are repeatedly asked to enter the master password, it means you entered it incorrectly.

Comment 8

11 years ago
Kai, you're absolutely right. I was now able to import both keys.

I was wondering about the term "master password" being asked for
at importing a password protected certificate, but I thought on
a bad translation cause I didn't remember the new master password

I'm really sorry about that.

Comment 9

11 years ago
resolving bug as INVALID per reporter comments
Last Resolved: 11 years ago
Resolution: --- → INVALID
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.