Checking the links below I find: - they are all connected with the diginotar CA and have nothing to do with my issue
- except https://bugs.freedesktop.org/show_bug.cgi?id=39825 However here it is described the dialog box comes up empty. This is not so in my case. I sign the document as always. Then when I check the signature it shows it can't validate (apparently because it can not find the root CA). I'm wandering if all types of certificates fail to validate or only the ones where the CA is on the 'software security device' (as opposed to the 'built-in object token') in Firefox. Ferry Op zondag 18-09-2011 om 22:32 uur [tijdzone +0200], schreef Ferry Toth: > Yeah, it is quite possible to blame the Ubuntu Natty build. > > But the problem occurs just since my most recent Firefox update. So it > would be nice to see if somebody can reproduce this before I file a bug. > > I'm looking into your links now. > > Ferry > > Op maandag 12-09-2011 om 11:30 uur [tijdzone -0700], schreef NoOp: > > > On 09/12/2011 07:04 AM, Ferry Toth wrote: > > > I think you missed the following points in my story: > > > - the CA certificate is generated internally. This means we are CA for > > > our own certificates. They are not blacklisted by FF. > > > - to be validated we manually add the CA certificate ourselves to FF and > > > windows certificate store). > > > - FF shows the certificates are valid (linux) and so does IE (windows). > > > The certificates are NOT blocked. > > > - LO under ubuntu shows the user certificate is invalid because the CA > > > is not in the path (this is new) > > > - LO under windows works fine (yes with the security update installed > > > that removes diginotar) > > > > I suggest you file a bug report on launchpad against Ubuntu's LO (ULO) > > version: > > > > https://bugs.launchpad.net/ubuntu/+source/libreoffice > > > > You might also install standard LO (you can do this without affecting > > ULO) and test to see if that is broken also. If so then you can file a > > bug report on bugzilla: > > http://wiki.documentfoundation.org/BugReport > > > > Perhaps you are experiencing this bug: > > https://bugs.freedesktop.org/show_bug.cgi?id=39825 > > [Does not find Firefox profile for digital certificate signing] > > > > The recent certificate bugs/updates are: > > http://www.ubuntu.com/usn/usn-1197-3 > > http://www.ubuntu.com/usn/usn-1197-1 > > https://launchpad.net/bugs/838322 > > http://www.ubuntu.com/usn/usn-1197-4 > > http://www.ubuntu.com/usn/usn-1197-1 > > http://www.ubuntu.com/usn/usn-1197-3, > > https://launchpad.net/bugs/837557 > > > > So it's quite possible that one (any) of those may have also cause > > breakage in ULO. > > > > > > > > Op maandag 12-09-2011 om 13:07 uur [tijdzone +0100], schreef Dave > > > Sergeant: > > >> On 12 Sep 2011 at 10:52, Ferry Toth wrote: > > >> > > >> > Since years we use digital signatures to sign our documents and protect > > >> > them from inadvertent modifications. > > >> > > > >> > The CA certificate is one generated internally. > > >> > > > >> > Now on linux (ubuntu natty) the certificates are stored by firefox and > > >> > since a recent upgrade to firefox 6.0.2 LO complains that the > > >> > certificate cannot be validated. This happen even right after adding > > >> > the > > >> > signature. > > >> > > > >> > Apparently the root certificate cannot be found by LO. > > >> > > > >> > However, in firefox both personal and CA certificate validate fine. > > >> > > > >> > Switching to windows LO does validate the certificate fine (but there > > >> > the certificates are stored elsewhere). > > >> > > > >> > It look like something changed in FF that broke the digital signing in > > >> > LO. Or is it a configuration issue on my side? > > >> > > > >> > > >> This one is easy to answer. Due to an issue with fraudulent > > >> certificates from the Dutch company Diginotar, Firefox has removed the > > >> Diginotar root certificate from its certificate store. Other browsers > > >> have acted similarly, ie there was a Windows update to achieve the same > > >> on IE. Since you are based in the Netherlands I guess your documents > > >> are validated against Diginotar certificates. See > > >> http://en.wikipedia.org/wiki/DigiNotar > > >> > > >> For many of us not in your country we have never encountered a > > >> Diginotar certificate and it was not even in my certificate store in > > >> Opera. > > >> > > >> Not sure what the answer is, but this seems to be a case of unexpected > > >> consequences of a fairy radical update to Firefox. Your internal > > >> certificates are clearly properly issued, and to block them because of > > >> a few fraudulent ones you are only going to encounter on dodgey sites > > >> seems a bit OTT. > > >> > > >> Dave > > >> > > >> > > >> http://www.davesergeant.com > > >> > > >> > > > > > > > > > > > > > > > > > -- > For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.libreoffice.org/global/users/ > All messages sent to this list will be publicly archived and cannot be deleted -- For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
