Hi! I'm having some problems with using certificates in Mozilla and now just wanted to post my problems here to see what I'm doing wrong, or if Mozilla's certificate management does not work correctly!

1. I attached my own CA root certificate to this posting, which I want to use for securing our company's mail system. The problem is that Mozilla, however, does not recognize it as a CA certificate, although it contains all the Netscape extensions I found. What is wrong with this certificate? Why does Mozilla not recognize it as a CA? Shouldn't Mozilla recognize it as a CA certificate and store it, if confirmed to do so, under the section with the trusted CA certificates in the certificate manager?

2. There is no possibility to view the details of the CA certificate after storing a certificate signed by it! E.g.: When I connect to a site with https which has a certificate signed with my CA certificate, Mozilla says that the certificate was signed by a CA which Mozilla does not know about. This is correct! Now I can click on "view certificate" and then under the details of the certificate I can also view the details of the CA certificate which gets delivered by the webserver! If I now check the checkbox to store the certificate permanently, it gets stored under the section "Web sites". There I can view the details of the certificate again, but if I click on "edit" and in the appearing dialog box on "Edit CA trust", Mozilla says that the certificate for the CA was not found (because it was not stored with the certificate). So why wasn't the CA certificate stored? Another thing which I do not understand is why Mozilla does not complain about an unknown CA when connecting again after storing the certificate, although the CA was not stored! So if I once marked a certificate as trusted, it does not matter if the CA is known or not?

3. In the certificate manager, when viewing a pre-installed CA certificate there is the sentence "This certificate has been verified for the following uses:" with the verified uses! When viewing my CA certificate there just is nothing, only the sentence without any uses! Why?

4. Mozilla does not recognize the version 3 extensions subjectAltName and issuerAltName! This would really be a feature to implement because one could use a single certificate for more than one website! So please implement the version 3 extensions (correctly)!

And finally: All my problems only occur with Mozilla! MSIE and Outlook both know about the version 3 extensions, and my CA certificate is recognized as such and the certificates have verified uses! In the MS world everything works as I expected it to, but Mozilla cannot even handle my CA! What must I change with the certificates to get it working in Mozilla? Or is the certificate management broken?

Thanks for your time!
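Added example, not part of the original post: a standard-library Python sketch that reads the extensions the post names (basicConstraints, keyUsage, the Netscape cert-type extension, subjectAltName, issuerAltName) out of a DER-encoded certificate, so the CA-related bits of two certificates can be compared side by side. The sample bytes and the name `a.example` are constructed for illustration, and the function names are this example's own.

```python
OIDS = {bytes.fromhex(h): n for h, n in [
    ("551d13", "basicConstraints"), ("551d0f", "keyUsage"), ("551d11", "subjectAltName"),
    ("551d12", "issuerAltName"), ("6086480186f8420101", "nsCertType")]}
BITS = {"keyUsage": ["digitalSignature", "nonRepudiation", "keyEncipherment",
                     "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign"],
        "nsCertType": ["sslClient", "sslServer", "email", "objSign",
                       "reserved", "sslCA", "emailCA", "objCA"]}

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags only)."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                         # long form: low 7 bits count the length bytes
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        if i + n > len(buf):
            raise ValueError("truncated DER element")
        yield tag, buf[i:i + n]
        i += n

def bits(bitstring, names):
    """Names of the bits set in a BIT STRING value (byte 0 is the unused-bit count)."""
    data = bitstring[1:]
    return [nm for j, nm in enumerate(names)
            if j // 8 < len(data) and data[j // 8] & (0x80 >> (j % 8))]

def extensions_of(cert_der):
    """Content of the Extensions SEQUENCE ([3] inside tbsCertificate), or b'' if absent."""
    tbs = next(tlvs(next(tlvs(cert_der))[1]))[1]
    found = [v for t, v in tlvs(tbs) if t == 0xA3]
    return next(tlvs(found[0]))[1] if found else b""

def describe(exts):
    out = {}
    for _, ext in tlvs(exts):
        parts = list(tlvs(ext))              # OID, optional critical flag, OCTET STRING
        name = OIDS.get(parts[0][1])
        inner = next(tlvs(parts[-1][1]))[1] if name else b""
        if name == "basicConstraints":       # cA is the BOOLEAN inside the SEQUENCE
            out[name] = any(t == 0x01 and v != b"\x00" for t, v in tlvs(inner))
        elif name in BITS:
            out[name] = bits(inner, BITS[name])
        elif name:                           # GeneralNames: keep dNSName ([2]) entries
            out[name] = [v.decode("ascii") for t, v in tlvs(inner) if t == 0x82]
    return out

# Constructed sample, not a real certificate: only Certificate > tbsCertificate > [3] > Extensions.
SAMPLE = bytes.fromhex("304a3048a3463044" "300c0603551d13040530030101ff"
                       "300b0603551d0f040403020106" "301106096086480186f8420101040403020106"
                       "30140603551d11040d300b8209612e6578616d706c65")
```

For a PEM file, base64-decode the body between the BEGIN and END lines to get the DER bytes before calling `extensions_of`.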
