Signing Certificae of my DSC is not showing under 'Your Cerificate' link and only encryption is shown.
I have a DSC(digital signature certificate) USB token, with both "Encryption" & "Signing" certificates downloaded into it. Both the certificates are visible in my USB Token's middleware. While viewing the certificate under 'Advanced->View Certificates' and under the "your certificate" tab, I can only see my "Encryption Certificate". Why is my UBUNTU system not fetching both the certificates.
The issue is observed with below operating systems- 1. UBUNTU 12.04 LTS Edition 32-Bit 2. MAC OS 10.8.4
However, the same DSC Token is working fine on my windows machine i.e both the certificates are visible under the CertMgr-> Personal tab.
Also, just to describe more, the DSC from the same CA and token vendor is working on some UBUNTU systems too.
Chosen solution
Is your USB Token device listed as a Security Device in Firefox?
Read this answer in context 👍 0All Replies (8)
Unfortunately I think that this is one of the know issues: http://www.mozilla.org/en-US/firefox/.../releasenotes/ that a patch is being reviewed for at the moment.
I am not an expert but does it also show up in the cert db?
I am unable to find "cert db" under my linux environment. Please specify where can I find that. And can any customization be done at end-user level to fix it.
Chosen Solution
Is your USB Token device listed as a Security Device in Firefox?
Yes. To do the same, manual importing of the library file was required, which completed and now the device can be seen under the security devices. But for the certificates to be re-used through browser, it should be under "Your Certificates". However, of the two certificates only "Encryption" is visible under the "your certificates" tab under "view certificates" link. Where as the 'Signing certificate' is visible under 'People' tab. Can there be any workaround to move the signing certificate to 'Your Certificate' tab too.
... the 'Signing certificate' is visible under 'People' tab.
Why is that a problem?
Because to make the certificate usable in various applications it should be under "Personal" or "your Certificate" tab.
Can you give an example?
Signing certificate visible under "People" tab means its not properly bounded with its associated private key. There are CKA_ID and CKA_LABEL components referred by P11 interface. Each object --> certificate template and its associated private key have these values (CKA_ID and CKA_LABEL) which are generated based upon the parameters assigned to the certificate at the time of its generation by CA. Please note that the values of these components for both certificate template and its associated private key should match. If they match,they are well shown under my certificates store and if not they will be shown under "people" store.
In short. you have to approach CA again and provide them above reason and get new certificate generated for you free of cost.