On 22.11.18 17:38, [email protected] wrote: > Now, I want to import a certificate, originally created by our company PKI as > SSL-Client certificate for use with Cisco Anyconnect VPN clients. > > I realized that it differs in its DN format, misses explicit mail > sing/encryption flags and has additional subject alternative names. > > Two of my company email addresses are contained as > > 1. "Subject: CN = <myuid>@<companydomain>" > 2."X509v3 Subject Alternative Name: DNS:vpn.<companydomain>, > email:<myemailname>@<companydomain> > > I was trying to figure out why Thunderbird refuses to accept this cert for > use with either
How did you learn that TB refused it? In account settings, security tab (not openpgp security tab), if you click a select button, does TB offer you to use that certificate? If it isn't offered, your certificate doesn't have the properties that TB expects. It would be helpful to see a full dump of the properties of your certificate. Does it include a certificate key usage extension that allows both digital signature and data encipherment? Kai -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
