741403 - Error importing X509 certificates

Status: UNCONFIRMED

(Core :: Security, defect)

Description

[ANCERT]

Attachment: Test_certificates.zip

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.83 Safari/535.11

Steps to reproduce:

Description:
We have a problem importing some X509 certificates in Firefox. We attach one certificate that causes the failure and another one that is successfully imported, as well as the CA certificates. Both certificates are very similar and are successfully imported to other certificate stores.

This issue may be related to the bugs 683479, 564403 and 549418 (problem importing PKCS#12 files), as Firefox also fails when importing the PKCS#12 file that includes the certificate that cannot be imported.

Steps to reproduce:
- Import the CA certificates:
1. In the Options window, go to “Advanced” -> “Encryption” and press “View Certificates”.
2. Import the root CA certificate (ANCERTPRIV_V2_PRE.crt) using the Import button of the Authorities tab. Check the options for trusting this CA to identify websites and email users.
3. Import the subCA certificate (ANCERTCCP_V2_PRE.crt) using the Import button of the Authorities tab. Check the options for trusting this CA to identify websites and email users.
- Import the end entity certificate:
4. Import the end entity certificate (ANCERTCCP_OK.crt or ANCERTCCP_KO.crt) using the Import button of the People tab.


Actual results:

The attached certificate ANCERTCCP_OK.crt is imported, but the ANCERTCCP_KO.crt fails showing the message “This certificate can't be verified and will not be imported. The certificate issuer might be unknown or untrusted, the certificate might have expired or been revoked, or the certificate might not have been approved”. Both certificates are issued by the same CA (ANCERTCCP_V2_PRE.crt) and are valid until 2013.


Expected results:

Both certificates should be imported by Firefox.