Firefox/PSM has no content handler for pkcs#12 client certificates




9 years ago
9 years ago


(Reporter:, Assigned: kaie)


Firefox Tracking Flags

(Not tracked)


(Whiteboard: [evang-wanted], URL)



9 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/ Safari/532.5
Build Identifier: 

On Windows, when a user clicks a pkcs#12 client certificate file (*.p12 or *.pfx) link, a dialog box appears where the user can choose between "Open" and "Save".  When the user chooses, "Open", the certificate manager is launched.

When the user goes through all the steps, the dialog box informs that the client certificate is successfully imported.

However, the certificate is actually NOT imported.

When the user "saves" the pkcs#12 file and launches the certificate manager from the Firefox menu, then the import is properly done.

On Linux, when the user clicks the pkcs#12 file link, the client certificate import manager does not launch. The only choice for the user is to "save" the file and import it using the Firefox menu.

Reproducible: Always

Steps to Reproduce:
1.Apply a demo client certificate at
2.When a dialog box appears, choose "Open" and go through the whole process of importing the client certificate.

Actual Results:  
The client certificate is not imported.

Expected Results:  
The client certificate should be imported and be ready to be used.
Assignee: nobody → kaie
Component: Security → Security: PSM
Product: Firefox → Core
QA Contact: firefox → psm
I assume you mean the Windows certificate manager when you are speaking in the first paragraph?

Comment 2

9 years ago
Yes, you are right. I meant windows' certificate import UI, not the firefox's own certificate manager.
Is this something that worked before and you are now noticing it doesn't work? I tried your STR and I do see the same thing you do - the wizard indicates a successful import but the cert from the site you referenced is not present in Firefox 3.6.

Comment 4

9 years ago
As far as I can tell, it never worked. 

The problem can be reproduced with any pkcs#12 file link. Try, for example,

Comment 5

9 years ago
The password for the above linked demo certificate is "password" (without the quotes).

Any progress?
There's no bug here.
Mozilla's products use their own separate certificate and key stores on
all platforms.  They do not use Windows' cert and key stores, nor MacOS's 
cert and key stores, etc.   If you want to import a cert and key into 
Mozilla's stores, you use Mozilla's cert manager.  It's been this way 
ever since Mozilla started.  It's by design.  Not a bug.

Comment 7

9 years ago
Thanks for the clarification. Would it perhaps be possible to have Mozilla's cert manager launched automatically when a user clicks a pkcs#12 file link with a Firefox web-browser?

Now I understand that it is "by design" that Mozilla's PSM cert manager is not launched, but Windows' Cert Manager is launched... 

But the current situation is somewhat confusing to most users (and a little deceptive).  :(

Comment 8

9 years ago
Opera, I understand, also uses its own key store.  If a user click pkcs#12 file link with Opera web browser, Opera's own cert manager is launched, rather than Windows cert manager.

I would hope that Firefox offers a similar functionality, which would provide better user experience.

Comment 9

9 years ago
김기창: could you explain how to "click a PKCS #12 file link with
Firefox web browser"?

When I click a file with a mouse, I don't think I'm clicking it
with any web browser.

Comment 10

9 years ago
When you visit a web page with Firefox web-browser and click a PKCS#12 file link presented in the page, the problem occurs as I described. 

You may visit the same page and click the same link with other web-browsers.  In that case, you do not have such a problem.
The browser (or really PSM so thunderbird gets covered too) needs to implement a content handler for application/x-pkcs12. Otherwise the .p12 files are an unknown type and handed off to the OS in hopes it knows what to do with it. Which it does in the case of Windows, only it doesn't help the poor Firefox user any to stuff it in the Windows cert store.

In a message at Nelson points at bug 77355 and bug 349112
Summary: import of pkcs#12 client certificate fails → Firefox/PSM has no content handler for pkcs#12 client certificates


9 years ago
Last Resolved: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 349112
Whiteboard: [evang-wanted]
You need to log in before you can comment on or make changes to this bug.