Zoeken in Support

Vermijd ondersteuningsscams. We zullen u nooit vragen een telefoonnummer te bellen, er een sms naar te sturen of persoonlijke gegevens te delen. Meld verdachte activiteit met de optie ‘Misbruik melden’.

Meer info

Deze conversatie is gearchiveerd. Stel een nieuwe vraag als u hulp nodig hebt.

Unable to Importing User Certificate into Firefox

  • 1 antwoord
  • 3 hebben dit probleem
  • 32 weergaven
  • Laatste antwoord van guigs

more options

I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file. I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate.

pk12util -l ... output: Certificate(has private key):

   Data:
       Version: 3 (0x2)
       Serial Number:
           ...
       Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
       Issuer: ...
       Validity:
           Not Before: Thu Sep 18 20:59:04 2014

... Key(shrouded):

   Friendly Name: ...
   Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
       Parameters:
           Salt:
               ....

pk12util -i ... output: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.

Does anyone have any ideas?

I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file. I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate. pk12util -l ... output: Certificate(has private key): Data: Version: 3 (0x2) Serial Number: ... Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: ... Validity: Not Before: Thu Sep 18 20:59:04 2014 ... Key(shrouded): Friendly Name: ... Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: .... pk12util -i ... output: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key. Does anyone have any ideas?

Alle antwoorden (1)

more options

I believe this update has phased out this certificate type, please see today's blog post: https://blog.mozilla.org/security/