User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/184.108.40.206 Safari/532.5 Build Identifier: On Windows, when a user clicks a pkcs#12 client certificate file (*.p12 or *.pfx) link, a dialog box appears where the user can choose between "Open" and "Save". When the user chooses, "Open", the certificate manager is launched. When the user goes through all the steps, the dialog box informs that the client certificate is successfully imported. However, the certificate is actually NOT imported. When the user "saves" the pkcs#12 file and launches the certificate manager from the Firefox menu, then the import is properly done. On Linux, when the user clicks the pkcs#12 file link, the client certificate import manager does not launch. The only choice for the user is to "save" the file and import it using the Firefox menu. Reproducible: Always Steps to Reproduce: 1.Apply a demo client certificate at http://foaf.me/simpleCreateClientCertificate.php 2.When a dialog box appears, choose "Open" and go through the whole process of importing the client certificate. Actual Results: The client certificate is not imported. Expected Results: The client certificate should be imported and be ready to be used.
Assignee: nobody → kaie
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
I assume you mean the Windows certificate manager when you are speaking in the first paragraph?
Yes, you are right. I meant windows' certificate import UI, not the firefox's own certificate manager.
Is this something that worked before and you are now noticing it doesn't work? I tried your STR and I do see the same thing you do - the wizard indicates a successful import but the cert from the site you referenced is not present in Firefox 3.6.
As far as I can tell, it never worked. The problem can be reproduced with any pkcs#12 file link. Try, for example, https://openweb.or.kr/test_user_1.p12
The password for the above linked demo certificate is "password" (without the quotes). Any progress?
There's no bug here. Mozilla's products use their own separate certificate and key stores on all platforms. They do not use Windows' cert and key stores, nor MacOS's cert and key stores, etc. If you want to import a cert and key into Mozilla's stores, you use Mozilla's cert manager. It's been this way ever since Mozilla started. It's by design. Not a bug.
Thanks for the clarification. Would it perhaps be possible to have Mozilla's cert manager launched automatically when a user clicks a pkcs#12 file link with a Firefox web-browser? Now I understand that it is "by design" that Mozilla's PSM cert manager is not launched, but Windows' Cert Manager is launched... But the current situation is somewhat confusing to most users (and a little deceptive). :(
Opera, I understand, also uses its own key store. If a user click pkcs#12 file link with Opera web browser, Opera's own cert manager is launched, rather than Windows cert manager. I would hope that Firefox offers a similar functionality, which would provide better user experience.
김기창: could you explain how to "click a PKCS #12 file link with Firefox web browser"? When I click a file with a mouse, I don't think I'm clicking it with any web browser.
When you visit a web page with Firefox web-browser and click a PKCS#12 file link presented in the page, the problem occurs as I described. You may visit the same page and click the same link with other web-browsers. In that case, you do not have such a problem.
The browser (or really PSM so thunderbird gets covered too) needs to implement a content handler for application/x-pkcs12. Otherwise the .p12 files are an unknown type and handed off to the OS in hopes it knows what to do with it. Which it does in the case of Windows, only it doesn't help the poor Firefox user any to stuff it in the Windows cert store. In a message at http://markmail.org/message/i7tanw4misqpe65i Nelson points at bug 77355 and bug 349112
Summary: import of pkcs#12 client certificate fails → Firefox/PSM has no content handler for pkcs#12 client certificates
Status: UNCONFIRMED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 349112
You need to log in before you can comment on or make changes to this bug.