Dear all, Importing a COMODO email signing cert into Thunderbird 60.2.1 works fine in a plain vanilla way, that is: enroll, download, import.
Now, I want to import a certificate, originally created by our company PKI as SSL-Client certificate for use with Cisco Anyconnect VPN clients. I realized that it differs in its DN format, misses explicit mail sing/encryption flags and has additional subject alternative names. Two of my company email addresses are contained as 1. "Subject: CN = <myuid>@<companydomain>" 2."X509v3 Subject Alternative Name: DNS:vpn.<companydomain>, email:<myemailname>@<companydomain> I was trying to figure out why Thunderbird refuses to accept this cert for use with either <myuid>@<companydomain> or <myemailname>@<companydomain> but there seems to be no diagnostic output, nor any documentation, what the minimum requirements for Thunderbird to accept a given cert for S/MIME actually are. I once debugged Thunderbird and NSS code to figure this out, and I remember it was a hell of a setup to find out, what is really going on, but maybe there is somewhere a document outlining these requirements. Would be great if you could point me into the right direction. Regards Martin -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
