Both sound like bugs that has been fixed a while ago. You did not mention, but from your message header I can see you are using a Mozilla 0.9.9+ version.
I suggest to retry with a recent nightly build from the stable 1.0 branch. With a recent build, when you import a yet untrusted cert, it should get added to the CA tab. Although you might need to close and open cert manager to see it. You also should no longer be able to send a signed message with an untrusted or invalid cert. Kai Victor Probo wrote: > During testing this weekend, I found some anomolies in the certificate > manager. I created a selfsigned CA cert (using OpenSSL), and then signed > and exported a couple of user certs (with 5 day expiration periods). > > 1) Importing one of these .p12 certificate file showed that all was > well, (sucessful) and no warnings or errors were displayed visibly. As > expected, the cert is listed in the 'Yours' display as 'Failing' > verification... but unfortunately the CA root cert does not display in > the Authorities list (the full chain was in the .p12). And since > individual certs can not be trusted explicitly (no GUI), this cert may > never be usable (you would think). > > This may be a storage problem or simply a display problem. > > 2) I was able to select this failed cert for signing and encryption of > email, in the email security section. (As an aside, not being able to > display the SubjectAltName other than a hex string makes things more > challenging). Anyway, I was able to sucessfully send a signed message > using this cert. That is surprising, unless the internal state is other > than that displayed to the user. > > Victor Probo >
