Closed Bug 377172 Opened 18 years ago Closed 9 years ago

Renewed certs don't load in cert chooser, but show up in the cert store.

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: mvita, Unassigned)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; InfoPath.1; .NET CLR 2.0.50727) Build Identifier: All We have a site that accepts user certificates signed by a certificate authority (CA). After the cert expired, we went back to CA and got a new one. Imported it into Firefox (versions 2.x and 1.x). Now, when we go back to the site, the cert chooser pop-up (cert selection set to manual) doesn't show the updated cert. When we view the cert in the the cert store, everything is in order. We've tested the same cert in IE at the same site and things work, so the cert is good. Reloading the cert doesn't fix things. Restarting Firefox doesn't fix things. Reinstalling Firefox doesn't fix things. I had another user confirm these findings on his machine. Reproducible: Always Steps to Reproduce: 1.get a site that requires a certificate 2.create a user cert that will expire soon 3.log into site to ensure things work (set cert chooser to manual) 4.wait for cert to expire 5.get new cert with valid date from same certificate authority (or self sign one in the same manner as original 6.import new cert 7.verify cert shows in the cert store 8.log into site again 9.notice the new cert isn't listed in drop box 10.verifiy cert is still in cert store Actual Results: I can't access my site now that the original cert expires. When production certificate start to expire, we're going to have thousands of users (company has over 150,000 users) locked out without a work around except to use IE. For Unix users that require Firefox (corporate standard) .. they're out of luck. Expected Results: After installing the new cert with the valid date, it should list that cert as a choice in the chooser. Or at least overwrite the old one. None. We've tested this on multiple versions of Firefox (2.0 and 1.x).
Assignee: nobody → kengert
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
Mass change owner of unconfirmed "Core:Security UI/PSM/SMime" bugs to nobody. Search for kaie-20100607-unconfirmed-nobody
Assignee: kaie → nobody
Is this still an issue?
Flags: needinfo?(mvita)
I'm not sure .. it was submitted almost 9 years ago. I've personally moved well past versions 1 and 2.x. I put included some pretty detailed instructions on how to repeat the error. Even today I do not think it looks that complicated to reproduce. Remembering it vaguely, it was a scenario where an imported cert that expired "should" (the operative word that outlines the goal) be replaced by an updated cert, or at least have the browser give the option to choose when multiple similar/same certs are present.
Flags: needinfo?(mvita)
Thanks for the response. I can't reproduce this, so I'm assuming it's been fixed.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.