[EMAIL PROTECTED] wrote: > > Question: > > I am attempting to encrypt and sign e-mails with a Rainbow iKey2032 in > Mozilla 1.7.3. I have loaded on the PKCS#11 module and when I try to > import the certificates within mail
import the certificates within mail?
AFAIK, certs are not imported within mozilla's email UI. Certs are imported by mozilla's certificate manager. You start the cert amanger by going to Edit -> Preferences -> "Private & Security" -> "Certificates" and bonking the "Manage Certificates" button.
Certs only need to be imported if they are not already in your iKey and also are not in your browser's cert DataBase. If your personal signing and/or encryption certs are already on your token, you don't need to import them, otherwise, you need to import them into the iKey.
If the cert for the CA that issued your cert is already in your iKey OR in mozilla's cert DataBase, then you don't need to import it, otherwise you need ti import it into either (a) your iKey or (b) your copy of mozilla's cert DB.
If your cert was not issued by one of the public CAs that is already known to mozilla (recorded in mozilla's store of trusted CA certs) then you need to mark the root issuer CA for your cert as trusted for email.
Finally, you need to select your default signing and encryption cert(s) in the "mail and newsgroup account settings", under "security".
> it comes up with the error: > 'Certificate Manager can not locate a valid certificate that can be > digitally used to sign your messages' (this is when I attempt to import > the signing cert, but this also happens when I try to import the > encryption cert).
Hmm. That message ought to occur when you attempt to sign a message, if you don't have a validated cert chosen for signing. I've never seen it happen when you're importing a cert.
> I have done a bit of reading and I have found out that the iKey software > (which would include the relevant module) is not supported in Netscape > versions above 6.0/6.1.
Not supported by whom? Please cite a reference URL for that information.
> Does this incompatibility also apply to Mozilla?
If the iKey PKCS11 module (software) supports PKCS11 version 2.0 (or later) properly, then it should work with mozilla.
> Jason Conomos
If you need further help, we could help you more if you tell us this info: a) what CA issued your cert? b) what certs are already in your iKey, if any?
/Nelson _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
