You say your own certificate is reported as being invalid, i.e. Mozilla says it is unable to verify it.
The most common failure reasons are:
1) In your environment, you need to use a proxy to connect to OCSP validation servers. Unfortunately, the security library in Mozilla as of today is unable to connect through a proxy, regardless whether you a proxy configured in your Mozilla network settings or not. OCSP not working through proxies is a bug. Mozilla's failure to report this circumstances is another one.
2) Your problem might also be as simple as having improper trust set to your certificate's issueing CA. If your certificate was issued by, say, your own company's private CA, your certificates will not be trusted - this also applies to your own certificate. Check this: Go to cert manager and view your own certificate. Look up which CA issued your cert. Now open the "authorities" tab in cert manager. Find the CA cert that issued your cert and select it. Click "edit". Is any of the checkboxes checked? If not, you should decide whether this certificate is trustworthy and click the appropriate checkboxes. Now go back to your certificate and try again.
3) In your original posting you say, you are unable to send out mail. However, you do not explain what exactly is failing. Please let us know whether an error message is shown and what it says. Did you notice that you must go to a mail window, open the mail news account settings, go to the "Security" tab, and select both certificates? Does that succeed? If your own certificate is not trusted, this will fail and you will see an error message. If you able to select the certs, your certs are fine.
4) If you are still unable to send the message, go to "view message security info" or click the lock icon in the tool bar. The window that opens up should give you more information. Let us know what it says if you can't fix the problem on your own.
Kai
Eitzenberger Thomas wrote:
Hold the horses :o) and thanx for the speedy reply/support
A little line makes me suspicious about my success on importing my private key:
Beside the Help button in the Certificate Manager the line reads:
"Certificates have not been validated with OCSP. Click View to do so"
Clicking View yields:
"Could not verify this certificate for unknown reasons."
If it is helpful I could supply some details like (fingerprints for SHA1 and MD5, ....)
or the OCSP settings (now using the Use OCSP to validate only certificates that specify an OCSP Service URL)
Now do I have successfully imported my key or not ? At least it is shown in the list of my private keys.
May this be the reason for not being able to send encrypted or signed mails cause when I want to do so
mozilla complains about not having a private key for me in the system and ask if it should show me the guide on how to install a key ?
best reagrds ET
Nelson B. Bolyard wrote:
Eitzenberger Thomas wrote:
Now I got my private key and imported it into Mozilla without any
problem. I can read any encrypted mail that I get from any siemens
employee. But I am not able to send any encrypted mail out to anyone.
One hint probably: I can not import any public key from anyone. It
silently ignores the import and does NOT show the other people in the
tabbed list box
I have attached an public key example that fails FWIW
Any help would be appreciated so that I could start persuading/argueing
to switch from Ootlook to Mozilla :o)
Name: [EMAIL PROTECTED]
[EMAIL PROTECTED] Type: Security Certificate (application/x-x509-ca-cert)
Encoding: base64
The cert you attached had the wrong mime content-type. It had the
content-type application/x-x509-ca-cert, but this is not a CA cert.
I'd guess that you're using the same mime type to try to download other user's certs. If so, that's the problem.
See http://wp.netscape.com/eng/security/comm4-cert-download.html#communicator
for the info on the right mime types to use.
--
Nelson Bolyard Disclaimer: I speak for myself, not for Netscape
