Closed
Bug 537657
Opened 15 years ago
Closed 9 years ago
If more than 2 certificates from same CA are installed only the first 2 ones can be selected in Accounts Seetings -> Security
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 278689
People
(Reporter: u368318, Unassigned)
Details
(Whiteboard: [psm-cert-manager])
Attachments
(4 files, 1 obsolete file)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 GTB6 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091204 Thunderbird/3.0 I have installed three "TC TrustCenter Class 1 L1 CA IX" S/MIME certificates for three different email addresses. Under Tools->Options->Advanced->Certificates all 3 all installed correctly. All are visible and can ve viewed as expected. But under "Account Settings"->"Security" only the two first installed certificates from a CA are selectable for Digital Signing and Encryption. More Details: - I have more S/MIME certificate installed than these 3. For example 2 Verisign Certificate. Both are selectable in addition to the 3 Trustcenter Certificates. - The 3 corresponding emails are installed in the sort order: .eu, .net, ,tel -> .tel certificate is not selectable. -.eu and .net are one account; .tel is the second account. Reproducible: Always Steps to Reproduce: 1. Install 3 certificates from same CA type 2. Try to select the third certificate in Account settings-> Security 3. Actual Results: Only the first 2 certificate of one CA type is selectable under account settings-> security Expected Results: All installed certificate should be selectable under account settings-> security Currently I only have Thunderbird 3.0 from portable apps installed
Comment 1•15 years ago
|
||
Are the ones not selectable related to non primary identities ?
Component: Account Manager → Security
QA Contact: account-manager → thunderbird
(In reply to comment #1) > Are the ones not selectable related to non primary identities ? No, it seems to be a kind of sort order problem. My 3 email addresses are name@sld.eu -> default account=1. primary identity name@sld.net -> additional email for name@sld.eu account name@sld.tel -> second account=2. primary identity In this configuration name@sld.tel is not visible under account settings-> security If I remove name@sld.net in certificate manager name@sld.tel becomes selectable.
Sorry right order it certificate manager name@sld.net -> additional email for name@sld.eu account name@sld.eu -> default account=1. primary identity name@sld.tel -> second account=2. primary identity Rest was ok: In this configuration name@sld.tel is not visible under account settings-> security If I remove name@sld.net in certificate manager name@sld.tel becomes selectable.
Did another test. Create new certificate, also from free TrustCenter -> Internet ID for privat use http://www.trustcenter.de/products/tc_internet_id.htm The new one is listed first in certificate manager: aname@sld.net -> second account=2. primary identity name@sld.net -> additional email for name@sld.eu account name@sld.eu -> default account=1. primary identity name@sld.tel -> second account=2. primary identity In this configuration also only two certicates are shown under account settings-> security: aname@sld.net and name@sld.eu
Comment 5•15 years ago
|
||
Is this in Thunderbird code or PSM code?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2pre) Gecko/20100115 Lanikai/3.1a1pre I just tried to replicate this problem and cannot. I have three certs from the same issuer and they (and several others) show up for signing in the UI. Can you upload the certs in question? I wonder if one of them is not really usable for signing. Also, if you could upload any screenshots that might help as well.
I get the same behavior with new 3.0.1 (regular, non portable) in a fresh installation (no extensions, etc.) I am new to bugzilla. How can I upload files? For now on my site http://www.graessler.eu/bugzilla/CertificateManager.jpg http://www.graessler.eu/bugzilla/SelectionSecuritySettings.jpg How can I upload certs. I was told to get them secrete?
Probably something is wrong with the certificates I created 5 new Class 1 certificate from https://www.startssl.com/ and all 5 are visible in Selection. Everything works fine.
(In reply to comment #7) > How can I upload certs. I was told to get them secrete? There are two things to consider: Certificates, and private keys. Certificates are not secret and you can safely give them to people. In fact, when you digitally sign an email, TB sends a copy of your certificate to the other person. The private key is, of course, something you want to keep secret. When you view a certificate (for example, Prefs/Advanced/Encryption/View Certificates/Your Certificates) Go to the Details tab, and notice the Export button. You can export the certificate and chain to a format called PEM. That will only export the certificate and not the private key. If you wanted to you could upload such a PEM file. There is another format called PKCS#12 that allows you to export a certificate and its associated private key. You do *not* want to upload that kind of file (in general, though there could be some exceptions). (In reply to comment #8) > Probably something is wrong with the certificates > I created 5 new Class 1 certificate from https://www.startssl.com/ and all 5 > are visible in Selection. Everything works fine. My guess is that the one certificate that did not show up as being available for signing is not an S/MIME cert. I'm going to mark this bug as resolved for the moment, but if the problem persists in other areas please reopen it and we can dig in a little more.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WORKSFORME
Reporter | ||
Comment 10•15 years ago
|
||
@Bob: Thank you for your help. If you still like to check the certs here are the 4 pem files from my Certs. I will the StartCom Certs in the future. -----BEGIN CERTIFICATE----- MIIFOzCCBCOgAwIBAgIOcBIAAQACXUK1UJBdFwkwDQYJKoZIhvcNAQEFBQAwfDEL MAkGA1UEBhMCREUxHDAaBgNVBAoTE1RDIFRydXN0Q2VudGVyIEdtYkgxJTAjBgNV BAsTHFRDIFRydXN0Q2VudGVyIENsYXNzIDEgTDEgQ0ExKDAmBgNVBAMTH1RDIFRy dXN0Q2VudGVyIENsYXNzIDEgTDEgQ0EgSVgwHhcNMTAwMTA3MTk1NzA4WhcNMTEw MTA4MTk1NzA4WjApMQswCQYDVQQGEwJERTEaMBgGA1UEAxMRUmljaGFyZCBHcmFl c3NsZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHx1CpSOYpPSe1 +H5mg6NSaiekRP4vtz/08zpzNRz/9WOVMLLS/aNGRQLlfgRQqGHRFiMB604wd1+C g49Da+E+FfBGJXSlbbsnlLQtf1xy/uP7UunkGqUnfGZ14qx4cfoVqCe7/um/pZf5 s6Eamt/qwHnBHIeIpQnmTXclJ+V1a1ii02aJEmOKKhK3vtNbQXESG0vLvzDnYFrw ZGRpN7gfJQ0T47pstOzpsj8/Lt25UQ7a85hnHHxbeMh9YdiXAVndKrwuWhC5Zqvh MK9kLPsxqv4Da6OqFRWBRoWdh67f9Gr8SL5IbmYBTjGv3vfrnthFN1Bs5XjH0VjQ QXmS4Z3rAgMBAAGjggIMMIICCDCBpQYIKwYBBQUHAQEEgZgwgZUwUQYIKwYBBQUH MAKGRWh0dHA6Ly93d3cudHJ1c3RjZW50ZXIuZGUvY2VydHNlcnZpY2VzL2NhY2Vy dHMvdGNfY2xhc3MxX0wxX0NBX0lYLmNydDBABggrBgEFBQcwAYY0aHR0cDovL29j c3AuaXgudGNjbGFzczEudGN1bml2ZXJzYWwtaS50cnVzdGNlbnRlci5kZTAfBgNV HSMEGDAWgBTpuCgdRs/8zfhOm8XuS2Dr2Ds/0TAMBgNVHRMBAf8EAjAAMEoGA1Ud IARDMEEwPwYJKoIUACwBAQEBMDIwMAYIKwYBBQUHAgEWJGh0dHA6Ly93d3cudHJ1 c3RjZW50ZXIuZGUvZ3VpZGVsaW5lczAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0OBBYE FBrim89WlPe/S1AbtQjgJwkZ9TufMGIGA1UdHwRbMFkwV6BVoFOGUWh0dHA6Ly9j cmwuaXgudGNjbGFzczEudGN1bml2ZXJzYWwtaS50cnVzdGNlbnRlci5kZS9jcmwv djIvdGNfQ2xhc3MxX0wxX0NBX0lYLmNybDAzBgNVHSUELDAqBggrBgEFBQcDAgYI KwYBBQUHAwQGCCsGAQUFBwMHBgorBgEEAYI3FAICMBsGA1UdEQQUMBKBEG5pY0Bn cmFlc3NsZXIuZXUwDQYJKoZIhvcNAQEFBQADggEBAGhpb1eFOdbDsCjDYSsZY+95 Gu6lRdATKH7a38MNjiPF+JDVNc4jHd9Fvr9hGJ6FruyuQhkVtN4asEpBe3BDtR+E rGATGj4+m2jTZ15X1eJCK1M5fRGWYJR5Rt6JU5UKojkIHCTujwTl/gIVV9NyjMLk hDvVG+YYK1LEqX4GUgW7aGJo6Og00gRs71mFwITUPub03lEjVQKcmKysj0c1lcoz q4kn267iCUskl/0Zpht4en9voe4uszjnzlk43ERmF8hnF7Utm3Xs0lDO3bTp4b3Q k5ie5nU4oh0X5QSKfUrrUMtigJ/NHL2nSH5lq7mehSmIiHRFolJNOSXcJo3tY98= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFQTCCBCmgAwIBAgIPAI88AAEAAlRvT+gxNRnBMA0GCSqGSIb3DQEBBQUAMHwx CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYD VQQLExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBU cnVzdENlbnRlciBDbGFzcyAxIEwxIENBIElYMB4XDTEwMDEwMzE3MjY1N1oXDTEx MDEwNDE3MjY1N1owKTELMAkGA1UEBhMCREUxGjAYBgNVBAMTEVJpY2hhcmQgR3Jh ZXNzbGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpRQxGosacca OduBkNeyM+UIt2CXkXCjzgGL+EfePbS4gN47Za5Nel4bI35reEgnDwA0pjz4cPd5 O9cYJps/U3gRx0M59QxQwxlBE80QBiRKwcjBjvBDHsSN/kO+WG93eXRQJKkMWxEg oa9DcmKuKfLxQmUUWBw9VdJgUWa1l3/zNJSe25RWKvGhazFoQQkfVFEgKx7ALfN1 MfD73dqbR2JgyNX7wb3mpGzFtEnEYgKpMtT+FQpVHdXis3apYK00uP93i1//DMEV 5Hl/2fq5ljzFNREl4TMWL7eWtalFqzD/t5CSUz/LuSw49mDRFtKZwja1twKisVqh 8FVtWUUAXQIDAQABo4ICETCCAg0wgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUF BzAChkVodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNl cnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQwQAYIKwYBBQUHMAGGNGh0dHA6Ly9v Y3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUwHwYD VR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/BAIwADBKBgNV HSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LnRy dXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQW BBR/1SIaoC0KVIc5XyefFatk7EQxNzBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8v Y3JsLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3Js L3YyL3RjX0NsYXNzMV9MMV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIG CCsGAQUFBwMEBggrBgEFBQcDBwYKKwYBBAGCNxQCAjAgBgNVHREEGTAXgRVyaWNo YXJkQGdyYWVzc2xlci5uZXQwDQYJKoZIhvcNAQEFBQADggEBAIz11yiw0kXYbvFy FotFd4KzHBddWTXDTEIUmw6btr7CxGMcmvzJPjmZlZ3gB19tHBsTUWhvyZftlGqf OZuTyTDpHecKNonLidKPbEYG0BDfDV1nmsjWOKmmbWLj+jAjVxA065lJK9VJeC8T M8r+hJswP6C2C9txGJf19YJlVAH0+Y6J3vr/9rXaAuiTtZD3kV3id2ASTCRuQU+Z Y+rHlZ1JL9vkOWTEFpbT1L5GApn5VMgsPHGoYFuFnM/FTMCX46zDNA3NcS3oqbD7 r0DV/3gmaWC8rjGiX1lu5EX37AK48sebnttFs4yQRCeEbDufG0jSRLzqkO5V0osr rx0InrM= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFQTCCBCmgAwIBAgIPAJwVAAEAAhJlkkNDxj30MA0GCSqGSIb3DQEBBQUAMHwx CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYD VQQLExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBU cnVzdENlbnRlciBDbGFzcyAxIEwxIENBIElYMB4XDTEwMDEwMzE3MTAxMloXDTEx MDEwNDE3MTAxMlowKTELMAkGA1UEBhMCREUxGjAYBgNVBAMTEVJpY2hhcmQgR3Jh ZXNzbGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnl3dSzplTrFQ zJt1fJBPI6BVoQnNRELvENbETIdzThRFb2jCZGMmdDrKgscoGHa+T+aXYk3fEryJ sZNiEhoBDV5fji9zeW2D+YqnFAEtlLlSuUbsw3ojWv12pKap4z45QbsrzEAZ50Ka S+Zxqu/32S3eWAyfx4zsRMYMOyczcSPFqdTLTh4PKy0+8qiTVbOb7H6txpE29CNH esvgTX9YeXxHBK9ak5lwGnpJdCR3pg8sgIZ5c7ZkF8bmbPXEHRXhEEj/u4E8bxba HCfY0gpcqJRjkY3J71uS+M/L/YcdNWj2zFlpxRwwOol4trFfHXqC1a9clR3Nv3bY hj+RWI060wIDAQABo4ICETCCAg0wgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUF BzAChkVodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNl cnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQwQAYIKwYBBQUHMAGGNGh0dHA6Ly9v Y3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUwHwYD VR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/BAIwADBKBgNV HSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LnRy dXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQW BBTgh40vOo1JwqV45iT2jtZXwoRQzDBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8v Y3JsLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3Js L3YyL3RjX0NsYXNzMV9MMV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIG CCsGAQUFBwMEBggrBgEFBQcDBwYKKwYBBAGCNxQCAjAgBgNVHREEGTAXgRVyaWNo YXJkQGdyYWVzc2xlci50ZWwwDQYJKoZIhvcNAQEFBQADggEBAIL5x7nyEVgWrjow urx9EmCRDJbv0J1m3BSeOi1yQ0gVVQKb4+3yUWk9RwOTDOedsqlsOffBpmy8adUL sAK95dEdPIfWbGEtKbq66Dlj9cTUUDkJeStNl4A+T26sFDnGsbgppGiakjdUWjah 0NVYWNIQWuOqpcOQ8jGKaW7q4K0yyCtNw321Rasrk9VhJAz9MkKIiPBkXGuiOc1q nRyNXr41FF9+zhDAWM035FNM8658a85/DaAPboLLt5AcF5aBOEcC0PdSlqw/OC+b BHOvZNUid3xYj7u3bUtaoW/z87wfrX4hsXQHH0XP/hxY8CfLvvIOelof6vCA5qbt k9snNSQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFQDCCBCigAwIBAgIPAPjCAAEAAkEWtgT5fjelMA0GCSqGSIb3DQEBBQUAMHwx CzAJBgNVBAYTAkRFMRwwGgYDVQQKExNUQyBUcnVzdENlbnRlciBHbWJIMSUwIwYD VQQLExxUQyBUcnVzdENlbnRlciBDbGFzcyAxIEwxIENBMSgwJgYDVQQDEx9UQyBU cnVzdENlbnRlciBDbGFzcyAxIEwxIENBIElYMB4XDTEwMDEwMzE3MjAxNVoXDTEx MDEwNDE3MjAxNVowKTELMAkGA1UEBhMCREUxGjAYBgNVBAMMEVJpY2hhcmQgR3LD pMOfbGVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkXnYYMnnOKH //+koDFpFlzjarIe2dLaVWkNqTM3gAf9TWnPvNLrcW3keoe8ymYT/ficrBK5m0Ct 3exGcFUbc9ZeK+UduPp0BjJU+IDcyue45c2yOzsRKK0g4xm7wZ9TLkpPjqcMrVkp YNH4Ur1Xg8fewf50eYoHWGJDEetE3Zv7X34Mm8bcPzdjAhOFUlUXQP1xFQ4b2iqF g2m2W162mGslcTU7vg9nbJtCrCwazAHFJuQ12Zox+W90fuvlUCURgxQlGAJa526w zktGOJSqdcGOjgsr+JtiLmeCoSu7L86AS1sDLJ+KjOE79UcxTvg3bcFnNuDJpunj NRvo5Qdq6wIDAQABo4ICEDCCAgwwgaUGCCsGAQUFBwEBBIGYMIGVMFEGCCsGAQUF BzAChkVodHRwOi8vd3d3LnRydXN0Y2VudGVyLmRlL2NlcnRzZXJ2aWNlcy9jYWNl cnRzL3RjX2NsYXNzMV9MMV9DQV9JWC5jcnQwQAYIKwYBBQUHMAGGNGh0dHA6Ly9v Y3NwLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUwHwYD VR0jBBgwFoAU6bgoHUbP/M34TpvF7ktg69g7P9EwDAYDVR0TAQH/BAIwADBKBgNV HSAEQzBBMD8GCSqCFAAsAQEBATAyMDAGCCsGAQUFBwIBFiRodHRwOi8vd3d3LnRy dXN0Y2VudGVyLmRlL2d1aWRlbGluZXMwDgYDVR0PAQH/BAQDAgTwMB0GA1UdDgQW BBR8eCEhRIEM14s3MlTr3IoRrgH7BjBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8v Y3JsLml4LnRjY2xhc3MxLnRjdW5pdmVyc2FsLWkudHJ1c3RjZW50ZXIuZGUvY3Js L3YyL3RjX0NsYXNzMV9MMV9DQV9JWC5jcmwwMwYDVR0lBCwwKgYIKwYBBQUHAwIG CCsGAQUFBwMEBggrBgEFBQcDBwYKKwYBBAGCNxQCAjAfBgNVHREEGDAWgRRyaWNo YXJkQGdyYWVzc2xlci5ldTANBgkqhkiG9w0BAQUFAAOCAQEAnQvgFXnLbfxgiqFu xCPSpj1ccPD4g/iVAcs39I8sYBk5szi9ZgA31S6dsGGMi6hd11gZkljYbqla3jSm gz8332y4OOV5/7qlrhNzD+NWXLtRkBO9jmVue56tfF34SMCwi3CuBpN2VO3Tl5bS zfNbCLt3w9AYXnAQuxG2/Xuj3xCc8yMCB78h1vQRai9ljUQlYdDzE7E84R+SMWga 4Ol45qSzI1/Y6fXMUBZFQQHeJzaajf3FBAuhBDh/GIhrW8XQ7TIidNhI6AJ6zToK /anDF11SnHILu9S21NZ75bfXWHhS2x6iflLoED6NgXr/qALwWZhTb5+YADxQnijH zKWESw== -----END CERTIFICATE-----
Comment 11•15 years ago
|
||
Comment 12•15 years ago
|
||
Comment 13•15 years ago
|
||
Comment 14•15 years ago
|
||
Comment 15•15 years ago
|
||
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2pre) Gecko/20100122 Lanikai/3.1b1pre I don't see anything wrong with these certs. REOPENING. I loaded Richard's certs into my TB client and was able to encrypt an email to all 4 email addresses in his certs. Richard: do you know how to create a new TB profile? I'm wondering if it's possible to recreate your problem on a clean profile. If things work on the new profile, then there is something about your existing profile that is introducing the problem.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
Reporter | ||
Comment 16•14 years ago
|
||
I got all the 4 emails and they decrypted fine. Bob: See my comment on 2010-01-22 01:58:47: That was a complete new installation of Thunderbird 3.0.1 en-us. I add 2 accounts richard@g...eu and richard@g...tel plus richard@g...net as second identity for the first one. Add the 3 TrustCenter Certs and the 3 StartSSL Certs. The result was: All 3 StartSSL certs are vissible under security but only 2 of TrustCenter (.eu and .net).
Attachment #423250 -
Attachment is obsolete: true
Comment 17•14 years ago
|
||
I confess I don't know much about identities in TB, but I do see some references like these that make me think this may be an older issue: http://kb.mozillazine.org/Mozilla_Suite_:_FAQs_:_Mail_Aliases#S.2FMIME_and_Enigmail https://addons.mozilla.org/en-US/thunderbird/addon/8814 Richard, are you using the same identities in each of your tests? In other words, was your setup exactly the same for the TrustCenter and the StartSSL certs regarding identities? I'm trying to figure out exactly how I can reproduce this issue.
Comment 18•14 years ago
|
||
(In reply to comment #0) > But under "Account Settings"->"Security" only the two first installed > certificates from a CA are selectable for Digital Signing and Encryption. This is "by design", actually. nsCertPicker is called with allowDuplicateNicknames set to false: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/mail/extensions/smime/content/am-smime.js&mark=&mark=290,293#288 [hg.mozilla.org doesn't support line marking, so I'm linking to an older version from CVS - but the code is still the same.] The certificates with the .net and .tel e-mail addresses have exactly the same subject DN, and consequently NSS uses the same nickname for them. The cert for the .eu address has a different CN (uses "äß" instead of "aess"), so it gets a different nickname. Note that even if Tb would show more than one cert per nickname in that dialog (i.e., if allowDuplicateNicknames is changed to true), you will then most likely run into bug 278689.
Reporter | ||
Comment 19•14 years ago
|
||
Reporter | ||
Comment 20•14 years ago
|
||
Bob: yes I used the same. see attachment with screenshots. Kasper: But the 3 StartSSL has all the same CN because until now I have not started the WoT process to get my name in!
Comment 21•14 years ago
|
||
(In reply to comment #20) > But the 3 StartSSL has all the same CN because until now I have not > started the WoT process to get my name in! It's the complete subject DN which is relevant here, not simple the CN attribute. Startcom most likely puts the (deprecated) PKCS#9 emailAddress attribute into the subject DN, which makes all those 3 subject DNs differ from each other. Trustcenter only puts them into the subjectAltName extension (as recommended by RFC 3850, section 3). (In reply to comment #18) > you will then most likely run into bug 278689. I should actually have written: this bug can be duped against 278689. It's the same issue, really.
Updated•14 years ago
|
Whiteboard: [psm-cert-manager]
Comment 22•9 years ago
|
||
Resolving as duplicate based on Comment 21.
Status: REOPENED → RESOLVED
Closed: 15 years ago → 9 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•