On 22.11.18 17:38, mbch...@gmail.com wrote:
> Now, I want to import a certificate, originally created by our company PKI as 
> SSL-Client certificate for use with Cisco Anyconnect VPN clients.
> I realized that it differs in its DN format, misses explicit mail 
> sing/encryption flags and has additional subject alternative names. 
> Two of my company email addresses are contained as 
>   1. "Subject: CN = <myuid>@<companydomain>" 
>   2."X509v3 Subject Alternative Name: DNS:vpn.<companydomain>, 
> email:<myemailname>@<companydomain>
> I was trying to figure out why Thunderbird refuses to accept this cert for 
> use with either

How did you learn that TB refused it?

In account settings, security tab (not openpgp security tab), if you
click a select button, does TB offer you to use that certificate?

If it isn't offered, your certificate doesn't have the properties that
TB expects. It would be helpful to see a full dump of the properties of
your certificate. Does it include a certificate key usage extension that
allows both digital signature and data encipherment?

dev-tech-crypto mailing list

Reply via email to