The Edit button for Web Site certs curently opens up the dialog for editing CA
certs. Instead it should open a dialog box that looks like this:
This certificate: [hostname from cert]
was issued by: [name of issuer]
[next sentence varies depending on trust for this cert's CA. If the CA is not
trusted, it reads as follows:]
Because you do not trust the certificate authority that issued this certificate,
you do not trust the authenticity of this certificate unless otherwise indicated
[If the CA is trusted, it reads as follows:]
Because you trust the certificate authority that issued this certificate, you
trust the authenticity of this certificate unless otherwise indicated here.
Edit certificate trust settings:
[these are radio buttons]
x Trust the authenticity of this certificate.
x Do not trust the authenticity of this certificate.
[Edit... button] Edit certificate authority trust settings.
The help target for this dialog is ?edit_web_certs.
The above changes will bring this dialog into line with PSM 1.4.
- should the window title for this and other cert edit windows be "Edit
Certificate Settings" as in PSM 1.4? Currently the window title is the name of
- Do we want this dialog to reflect the cert chain graphically, along the lines
of the new View window?
Changed target to 2.0.
Darn. somehow in my last big checkin, I implemented this but missed some text.
What I have says:
This certificate X was issued by Y.
Edit certificate trust settings
I'm missing the text about whether or not the issuer is trusted. I will attach
This is still a bug then. We need to make a decision whether this is to be
fixed now or not.
Created attachment 35949 [details]
edit web site cert trust interface
(Oh yeah, just a note about that image; that really is a self-signed cert, I'm
not showing the wrong issuer :)
Just to clarify, two things are still missing from this dialog:
- text above the radio buttons that varies according to trust state of cert
- Edit button labeled "Edit certificate authority trust settings"
The idea with the Edit button is that if you want to fix the CA trust settings,
you can do it from here, immediately, rather than navigating to the Authorities
panel. This button was present in PSM 1.x.
Also, the window title in the latest build is "Edit certificate trust". It's a
nit, but I would prefer "Edit certificate trust settings".
Is this almost done or is it a lot more work?
Mass reassigning target to 2.1
removing nsenterprise keyword from PSM bugs with target milestone of future.
Mass assigning QA to ckritzer.
Created attachment 44624 [details] [diff] [review]
Adding the window sizing and typo foxes as well - This patch fixes this bug, as
well as bug# 82887
Created attachment 44944 [details] [diff] [review]
A few comments:
1) On the following line:
<script src="chrome://global/content/strres.js" />
2) Why is this block commented out? Should it even be included?
+ if(cacert == null)
+ var editButton = document.getElementById('editca-button');
Fix 1, and you'll have r=javi
Created attachment 45142 [details] [diff] [review]
Done...Removed the commented part too. It was originally intended to hide the
'edit root ca' button' if root ca was unknown - I forgot to remove that later.
My only comment is that the id "explanations" is mispelled as "explainations"
Other than that, sr=hewitt
Patch checked in.
I would also like to point out that the window, being persistent, remembers the
older value, and might show sizing issues first time, depending on the profile
used [bug# 94755]. This might be resized, though.
1) The correct interface is being shown after clicking the [Edit] button for Web
Site cert(s) - the basic bug is fixed
2) The title of the Edit dialogue is still "Edit certificate trust" and not
"Edit certificate trust settings"
3) I need some assistance with getting a cert from a 'trusted authority'. I can
see the text in the "Edit certificate trust" dialogue which starts out with
"Because you do not trust the certificate authority...", but I need to check out
a trusted certificate authority to verify the text changes.
Any suggests? Do we have an internal site which will do this? Or perhaps the USPS?
Sean, are you happy with the text title in #2 above? If not, we can hold this
bug open, or open a new bug. Let me know.
Regarding #3, one way to do that might be - go to https://www.hotmail.com - a
dialog for domain name mismatch would come up, and check on 'remember this cert
permanently'. CA for this cert is RSA, and that would be included in the list of
CA's available when Netscape6 is installed.
To check the case where the web site cert is from a trusted authority, just
click "Edit CA trust" and select all three boxes. Next time you open the same
web site cert, you'll see the text for the trusted CA case.
I'm not so concerned about "settings" in the title name per se, but there are
two other issues that do concern me:
- "Edit trust settings" is the title for both this dialog (editing web site cert
trust settings) and the equivalent dialog for editing CA trust settings. I would
prefer to see these dialogs distinguished more clearly: "Edit web site
certificate trust settings" for this case and "Edit CA certificate trust
settings" for the other.
- The dialog opens to a huge size, with a bunch of white space above and below
the radio buttons. Surely this isn't necessary. The dialog can be resized by
hand to more reasonable dimensions without losing anything.
Both of these are relatively minor complaints that probably are less important
than other UI changes in progress. It's up to you whether to close this bug or
keep it open for a future release.
The window sizing trouble [that the window is too long] is probably effect of
persistence and would vanish once a new profile is used [for now]. This issue
for editcert as well as deletecert windows is being addressed in bug# 95441.
Created attachment 45940 [details] [diff] [review]
patch to fix the title problem ... sorry I missed that
I'll verify this with tomorrow morning's builds...
Patch Checked in.
This would fix the window title problem. To get proper sized window, it would
still be needed to use fresh profile[for now, till we check in patch to bug#
95411]. Also, the 'Edit Web Site Cert' window still has a awkward layout [bug#
82887] - I do not have a fix for that yet....
Okay, I noticed something else odd today...
Changing the state of the radio buttons seems to have no effect on the text
above it which starts either as "Because you trust the..." or "Because you don't
trust the...". When the text indicates trust, changing the radio button to
'trust' and selecting the [OK] button will not change the state of the text when
you open the edit window back up again.
What *does* seem to make a difference (whether you change the radio button or
not) is when you change the state of the checkboxes in the "Edit Certificate
trust" window (turn them all off or one/all on). When all checkboxes are
unchecked, the text changes to "don't trust" & when one or more checkboxes are
checked, the text will change to "trust"
I believe the text "Because you trust the..." or "Because you don't trust
the...". should actually change only when the trust of the issuer CA is
changed [eg, by clicking the 'Edit CA' button, and opening trust settings window
for the CA], because this text reflects the default trust of this ssl cert,
which is defined by the trust on its CA.
But, even if we do not trust/know the CA, we can choose to trust this particular
web site cert [or,the other way round]by checking the radio button 'Trust the
authenticity of...'. So next time we open the edit dialog, we still have the
same text 'Because you do not trust..' showing up, but the button 'trust the
authenticity..' is checked, indicating we trust this ssl cert, though its CA is
Still, putting in some text to indicate the 'actual' trust status might make it
easier for users to understand.
Change the target of bugs with state 'RESOLVED' and target 'Future' to target
'2.1' since they were fixed for the 2.1 release.
Using win Build ID 20010919-0.9.4, I verified the following:
Use a fresh profile.
Got to https://beaver.mcom.com
You don't have the CA cert, so you're told so. Remember the cert permanently.
Go to cert manager, web cert tab, edit the cert
Click on Edit CA trust -> get a dialog that you don't have the CA cert.
close cert manager.
Go to http://juggler.mcom.com
Click retrieval tab and import CA cert When the trust setting pop up, do not
open cert manager, web cert tab.
edit cert. The message says that you don't trust the CA cert.
go to authorities tab.
Edit the CA and trust it.
go to web cert tab.
edit the cert.
it says you trust the CA.
You can edit the CA trust.
I think it's verified.
Verified on 9/19 WinNT branch.