This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Signing Certificae of my DSC is not showing under 'Your Cerificate' link and only encryption is shown.

  • 8 replies
  • 5 have this problem
  • 53 views
  • Last reply by mphasis_20

more options

I have a DSC(digital signature certificate) USB token, with both "Encryption" & "Signing" certificates downloaded into it. Both the certificates are visible in my USB Token's middleware. While viewing the certificate under 'Advanced->View Certificates' and under the "your certificate" tab, I can only see my "Encryption Certificate". Why is my UBUNTU system not fetching both the certificates.

The issue is observed with below operating systems- 1. UBUNTU 12.04 LTS Edition 32-Bit 2. MAC OS 10.8.4

However, the same DSC Token is working fine on my windows machine i.e both the certificates are visible under the CertMgr-> Personal tab.

Also, just to describe more, the DSC from the same CA and token vendor is working on some UBUNTU systems too.

I have a DSC(digital signature certificate) USB token, with both "Encryption" & "Signing" certificates downloaded into it. Both the certificates are visible in my USB Token's middleware. While viewing the certificate under 'Advanced->View Certificates' and under the "your certificate" tab, I can only see my "Encryption Certificate". Why is my UBUNTU system not fetching both the certificates. The issue is observed with below operating systems- 1. UBUNTU 12.04 LTS Edition 32-Bit 2. MAC OS 10.8.4 However, the same DSC Token is working fine on my windows machine i.e both the certificates are visible under the CertMgr-> Personal tab. Also, just to describe more, the DSC from the same CA and token vendor is working on some UBUNTU systems too.

Chosen solution

Is your USB Token device listed as a Security Device in Firefox?

Read this answer in context 👍 0

All Replies (8)

more options

Unfortunately I think that this is one of the know issues: http://www.mozilla.org/en-US/firefox/.../releasenotes/ that a patch is being reviewed for at the moment.

I am not an expert but does it also show up in the cert db?

more options

I am unable to find "cert db" under my linux environment. Please specify where can I find that. And can any customization be done at end-user level to fix it.

more options

Chosen Solution

Is your USB Token device listed as a Security Device in Firefox?

more options

Yes. To do the same, manual importing of the library file was required, which completed and now the device can be seen under the security devices. But for the certificates to be re-used through browser, it should be under "Your Certificates". However, of the two certificates only "Encryption" is visible under the "your certificates" tab under "view certificates" link. Where as the 'Signing certificate' is visible under 'People' tab. Can there be any workaround to move the signing certificate to 'Your Certificate' tab too.

more options

... the 'Signing certificate' is visible under 'People' tab.

Why is that a problem?

more options

Because to make the certificate usable in various applications it should be under "Personal" or "your Certificate" tab.

more options

Can you give an example?

more options

Signing certificate visible under "People" tab means its not properly bounded with its associated private key. There are CKA_ID and CKA_LABEL components referred by P11 interface. Each object --> certificate template and its associated private key have these values (CKA_ID and CKA_LABEL) which are generated based upon the parameters assigned to the certificate at the time of its generation by CA. Please note that the values of these components for both certificate template and its associated private key should match. If they match,they are well shown under my certificates store and if not they will be shown under "people" store.

In short. you have to approach CA again and provide them above reason and get new certificate generated for you free of cost.