Ovo će web mjesto raditi na ograničen način, dok obavljamo održavanje stranice. Ako neki članak ne riješi tvoj problem i ako želiš postaviti pitanje, naša zajednica za podršku spremna je pomoći na Twitteru @FirefoxSupport i na Redditu /r/firefox.

Pretraži podršku

Izbjegni prevare podrške. Nikad te nećemo tražiti da nas nazoveš, da nam pošalješ telefonski broj ili da podijeliš osobne podatke. Prijavi sumnjive radnje pomoću opcije „Prijavi zlouporabu”.

Saznaj više

Unable to Importing User Certificate into Firefox

  • 1 odgovor
  • 3 imaju ovaj problem
  • 32 prikaza
  • Posljednji odgovor od guigs

more options

I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file. I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate.

pk12util -l ... output: Certificate(has private key):

   Data:
       Version: 3 (0x2)
       Serial Number:
           ...
       Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
       Issuer: ...
       Validity:
           Not Before: Thu Sep 18 20:59:04 2014

... Key(shrouded):

   Friendly Name: ...
   Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
       Parameters:
           Salt:
               ....

pk12util -i ... output: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.

Does anyone have any ideas?

I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file. I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate. pk12util -l ... output: Certificate(has private key): Data: Version: 3 (0x2) Serial Number: ... Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: ... Validity: Not Before: Thu Sep 18 20:59:04 2014 ... Key(shrouded): Friendly Name: ... Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: .... pk12util -i ... output: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key. Does anyone have any ideas?

Svi odgovori (1)

more options

I believe this update has phased out this certificate type, please see today's blog post: https://blog.mozilla.org/security/