Closed Bug 474306 Opened 16 years ago Closed 13 years ago

Can't choose from certificates with the same "mail.identity.id*.signing_cert_name"

Categories

(Thunderbird :: Security, defect)

x86
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 278689

People

(Reporter: clemenz, Unassigned)

Details

(Whiteboard: [psm-cert-manager])

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; de_DE; rv:1.9.0.5) Gecko/2008121300 SUSE/3.0.5-1.1 Firefox/3.0.5
Build Identifier: Version 2.0.0.18 (20081112)

I have three different email addresses with different certificates. Importing them works fine. But I can't assign them to the different accounts because they all have the same "mail.identity.id*.signing_cert_name". In the chooser (account manager), only the certificate with the highest serial number is displayed; the others are not.

Reproducible: Always

Steps to Reproduce:
1. import at least 2 certificates from same issuer and same owner but different email addresses and serials
2. create at least 2 accounts
3. try to assign the right certificate to the right account
Actual Results:
Only the certificate with the highest serial can be chosen.

Expected Results:
having the choice between the 2 (or more) certificates

I forgot: It's the same behaviour when using TB3b2
Component: Account Manager → Security
QA Contact: account-manager → thunderbird
Version: unspecified → Trunk
Kaie, is that by design?
Related to Bug 460985?
(In reply to comment #0)
> 
> I have three different email addresses with different certificates. Importing
> them works fine. But I can't assign them to the different accounts because they
> all have the same "mail.identity.id*.signing_cert_name".


I assume you learned that by looking at your profile's "prefs.js" file.

Each imported personal certificate should have a unique "nickname".

Please do me a favor, and check what nicknames you have for your 3 different certificates.
Go to preferences, advanced, encryption, view certificates. In certificate manager click on the "your certificates" tab. Find your 3 certs. For each of them do the following:
- click one of the certs (to select it)
- click the "view" button
- a certificate viewer window will come up
- look at the "title bar" of the certificate viewer window, this is the topmost area of the window, that is part of the window border. It contains the window's label. The text is: Certificate Viewer "<nickname>"

Please carefully compare the <nickname> portion for your 3 certs. Usually, when having identical subjects, each of them should have a different suffix like this:

  Kai's cert #2
  Kai's cert #5

Could you please list the nicknames you see?


> In the chooser
> (account manager) is only the certificate with the highest serial number
> displayed, the others not.

That's bad. If all of your certificates are still valid (not expired, not revoked), you should see all of them.
Whiteboard: [psm-cert-manager]
I have the same problem with the latest Thunderbird version (3.1.3): Using two different certificates for two different email-addresses, I can only access the certificate for one of the addresses via the "choose certificate" drop-down box. I looked up the nicknames of the two certificates affected - they are both "Importiertes Zertifikat #2" (using the German Thunderbird version). The strange thing is that the correct choice of the certificates has worked with previous versions of the certificates - the problem occurred to me the first time today.

A more detailed description of the problem (in German) can be found at http://blog.webducer.de/2010/02/mehrere-gleichnamige-zertifikate-unter-thunderbird-nutzen/
I have the same problem.  I received two free personal IDs from TrustCenter for my two different e-mail addresses.  They both seem to be called "<name>'s TC TrustCenter GmbH ID", and I'm only given the option to select one of the two (the newer) to sign my outgoing mail from either address with.
I have the same problem with SeaMonkey 2.0.10 and new email certificates from TC TrustCenter. As stated in Comment #5 there was no problem with previous certificates based on TC's so-called Generation I root certificates, as opposed to the new certificates which are based on Generation II root certificates.

One obvious difference between the 2 certificate versions is their "Subject" field. In the previous certificates this field contained email address (E), common name (CN) and country (C); in the new certificates it only contains CN and C, the omission of E leading to loss of uniqueness (of this field) and perhaps to SM's/TB's apparent inability to differentiate between certificates for different email addresses (as also seems to be implied by their identical nicknames when imported - cf. Comment #6).
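The following is an added example, not part of the bug report or of Thunderbird/NSS code: it models only the comparison the comment above describes, grouping certificates by their Subject field and flagging subjects shared by certificates for different addresses. The record layout, function names and sample values are constructed, and the separate `email` field is an assumption standing for wherever the certificate carries the address (for example a subjectAltName entry).

```python
import re
from collections import defaultdict

# Constructed sample records (assumption, not data from the report).
# Serials 01/02 carry E in the Subject; 03/04 carry only CN and C.
CERTS = [
    {"serial": "01", "subject": "E=a@example.org, CN=Jane Doe, C=DE", "email": "a@example.org"},
    {"serial": "02", "subject": "E=b@example.org, CN=Jane Doe, C=DE", "email": "b@example.org"},
    {"serial": "03", "subject": "CN=Jane Doe, C=DE", "email": "a@example.org"},
    {"serial": "04", "subject": "CN=Jane Doe, C=DE", "email": "b@example.org"},
]


def parse_subject(subject):
    """Split 'K=V, K=V' into an ordered tuple of (KEY, value) pairs.

    A comma escaped with a backslash stays inside the value.
    """
    pairs = []
    for part in re.split(r"(?<!\\),", subject):
        key, _, value = part.strip().partition("=")
        pairs.append((key.strip().upper(), value.strip().replace("\\,", ",")))
    return tuple(pairs)


def subject_collisions(certs):
    """Return {parsed_subject: [serials]} for every Subject that is shared
    by certificates issued for more than one e-mail address."""
    groups = defaultdict(list)
    for cert in certs:
        groups[parse_subject(cert["subject"])].append(cert)

    collisions = {}
    for subject, members in groups.items():
        emails = {c["email"].lower() for c in members}
        if len(emails) > 1:  # same Subject, different addresses
            collisions[subject] = sorted(c["serial"] for c in members)
    return collisions


if __name__ == "__main__":
    for subject, serials in subject_collisions(CERTS).items():
        dn = ", ".join(f"{k}={v}" for k, v in subject)
        print(f"Subject '{dn}' is shared by serials {serials}")
```

Only the two certificates without E in the Subject are reported; the two that include E remain distinguishable by Subject alone.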
Status: UNCONFIRMED → NEW
Ever confirmed: true
Same problem with two certificates with the same "nickname" stored on a Gemalto .NET smart card.

One certificate was created by an internal Windows PKI and one by Comodo/Usertrust.
Both certificates have the same CN.

Thunderbird/3.1.7 Windows
Hi,
I have the same situation as Comment #6.
The CN is identical for both certificates.

The ID shown in the select function is "le-8be814ce-94d1-4277-9419-f1e1dbfa9900" for both certificates. So I am only able to select one.

This is important to change in Thunderbird.
Regards
Karl-Heinz
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE