Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Fungovanie tejto stránky je z dôvodu údržby dočasne obmedzené. Ak článok nevyrieši váš problém a chcete položiť otázku, napíšte našej komunite podpory na Twitter @FirefoxSupport alebo Reddit /r/firefox.

Vyhľadajte odpoveď

Vyhnite sa podvodom s podporou. Nikdy vás nebudeme žiadať, aby ste zavolali alebo poslali SMS na telefónne číslo alebo zdieľali osobné informácie. Nahláste prosím podozrivú aktivitu použitím voľby “Nahlásiť zneužitie”.

Ďalšie informácie

Unable to Importing User Certificate into Firefox

  • 1 odpoveď
  • 3 majú tento problém
  • 32 zobrazení
  • Posledná odpoveď od guigs

more options

I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file. I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate.

pk12util -l ... output: Certificate(has private key):

   Data:
       Version: 3 (0x2)
       Serial Number:
           ...
       Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
       Issuer: ...
       Validity:
           Not Before: Thu Sep 18 20:59:04 2014

... Key(shrouded):

   Friendly Name: ...
   Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
       Parameters:
           Salt:
               ....

pk12util -i ... output: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.

Does anyone have any ideas?

I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file. I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate. pk12util -l ... output: Certificate(has private key): Data: Version: 3 (0x2) Serial Number: ... Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: ... Validity: Not Before: Thu Sep 18 20:59:04 2014 ... Key(shrouded): Friendly Name: ... Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC Parameters: Salt: .... pk12util -i ... output: pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key. Does anyone have any ideas?

Všetky odpovede (1)

more options

I believe this update has phased out this certificate type, please see today's blog post: https://blog.mozilla.org/security/