Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Tìm hiểu thêm

Unable to Importing User Certificate into Firefox

  • 1 trả lời
  • 3 gặp vấn đề này
  • 32 lượt xem
  • Trả lời mới nhất được viết bởi guigs

more options

I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file. I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate.

pk12util -l ... output: Certificate(has private key):

   Data:
       Version: 3 (0x2)
       Serial Number:
           ...
       Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
       Issuer: ...
       Validity:
           Not Before: Thu Sep 18 20:59:04 2014

... Key(shrouded):

   Friendly Name: ...
   Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
       Parameters:
           Salt:
               ....

pk12util -i ... output: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.

Does anyone have any ideas?

I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file. I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate. pk12util -l ... output: Certificate(has private key): Data: Version: 3 (0x2) Serial Number: ... Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: ... Validity: Not Before: Thu Sep 18 20:59:04 2014 ... Key(shrouded): Friendly Name: ... Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: .... pk12util -i ... output: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key. Does anyone have any ideas?

Tất cả các câu trả lời (1)

more options

I believe this update has phased out this certificate type, please see today's blog post: https://blog.mozilla.org/security/