TBB 3.6.6 won't import certificate
In Certificate Manager on the Servers tab I am trying to import a certificate. The GUI allows me to choose a file and the dialog closes but the certificate is not imported and no error dialog is shown.
I have tested the same certificate in vanilla Firefox ESR 24.8.1 and TBB 3.6.2 (the only old version I have) and both work fine.
Trac:
Username: ZcbCkyj5
Activity
This is probably related to the change that was made for #12998 (moved).
-
And possibly fixed in #13366 (moved).
Is that still an issue with Tor Browser 4.0? I think #13366 (moved) should have fixed this.
-
Resolved #13539 (moved) as duplicate. Do you by chance forget to leave Private Browsing Mode befoe trying to import the certificate?
Trac:
Cc: N/A to lucha 
Replying to gk:
Resolved #13539 (moved) as duplicate. Do you by chance forget to leave Private Browsing Mode befoe trying to import the certificate?
By "leave Private Browsing Mode" do you mean deselecting the option "Don't record browsing history or website data (enables Private Browsing Mode)" from the tor button Prefences panel? Because I can't find anything else I should disable.
If that is what you are referring to, then no, it does not allow to import new certificates even with that option disabled.
(By the way, I find a bit counter-intuitive that a "browsing mode" would affect how I interact with the preference panel, but I understand that maybe Firefox has a strange structure to store this data that makes distinguish the two things hard)
Trac:
Username: luchaReplying to gk:
Is that still an issue with Tor Browser 4.0? I think #13366 (moved) should have fixed this.
I can confirm that importing certificates does not work in nightly builds from 2015-01-08. Platform 32-bit Linux (Debian), default installation without config changes or add-ons/extensions. Tested both "Authorities" and "Your Certificates".
On a side note, the following is printed on stdout. Creating the missing directories does not change the result of trying to add a certificate.
(firefox:21823): Gtk-WARNING **: Attempting to store changes into `/home/linus/tor-browser_en-US.20150108/Browser/.local/share/recently-used.xbel', but failed: Failed to create file '/home/linus/tor-browser_en-US.20150108/Browser/.local/share/recently-used.xbel.ZP04RX': No such file or directory (firefox:21823): Gtk-WARNING **: Attempting to set the permissions of `/home/linus/tor-browser_en-US.20150108/Browser/.local/share/recently-used.xbel', but failed: No such file or directoryPlease let me know if I can help track this down further. Being unable to import certificates is quite a problem.
-
Replying to lucha:
Replying to gk:
Resolved #13539 (moved) as duplicate. Do you by chance forget to leave Private Browsing Mode befoe trying to import the certificate?
By "leave Private Browsing Mode" do you mean deselecting the option "Don't record browsing history or website data (enables Private Browsing Mode)" from the tor button Prefences panel? Because I can't find anything else I should disable.
If that is what you are referring to, then no, it does not allow to import new certificates even with that option disabled.
You have to restart your Tor Browser for this to take effect. So, this works for me:
- Click on the Torbutton onion -> Preferences... -> Privacy and Security Settings [Assuming you are using an alpha/nightly build]
- Uncheck "Don't record browsing history or website data (enables Private Browsing Mode)"
- Click on OK
- Restart Tor Browser
- Import a certificate (I tested that with a root CA)
lucha, ln5: Does that work for you?
If so, that is currently expected and #12998 (moved) + #13366 (moved) made this happen. If you think this behavior is wrong and you want to argue for treating the import of certificates differently (i.e. allowing to import certificates (and thus leaving traces on disc) while being in Private Browsing Mode) then this should be a new bug ticket.
Replying to gk:
Replying to lucha:
Replying to gk:
Resolved #13539 (moved) as duplicate. Do you by chance forget to leave Private Browsing Mode befoe trying to import the certificate?
By "leave Private Browsing Mode" do you mean deselecting the option "Don't record browsing history or website data (enables Private Browsing Mode)" from the tor button Prefences panel? Because I can't find anything else I should disable.
If that is what you are referring to, then no, it does not allow to import new certificates even with that option disabled.
You have to restart your Tor Browser for this to take effect. So, this works for me:
- Click on the Torbutton onion -> Preferences... -> Privacy and Security Settings [Assuming you are using an alpha/nightly build]
- Uncheck "Don't record browsing history or website data (enables Private Browsing Mode)"
- Click on OK
- Restart Tor Browser
- Import a certificate (I tested that with a root CA)
lucha, ln5: Does that work for you?
It does. I didn't understand this. Thank you for your thorough clarification.
For readers who like me are undereducated on the subject of "private browsing mode" I'll mention that testing indicates that the mode of the browser (private vs. non-private) selects between two sets of certificates. This means that in order to keep using certs imported in non-private mode one has to keep running the browser in non-private mode.
If so, that is the currently expected and #12998 (moved) + #13366 (moved) made this happen. If you think this behavior is wrong and you want to argue for treating the import of certificates differently (i.e. allowing to import certificates (and thus leaving traces on disc) while being in Private Browsing Mode) then this should be a new bug ticket.
Agreed.
-
Closed #14042 (moved) as duplicate of this.
-
Marked #15976 (moved) as duplicate.
mentioned in issue #13539 (moved)
mentioned in issue #14042 (moved)
mentioned in issue #15797 (moved)
mentioned in issue #15976 (moved)
mentioned in issue #29230 (moved)
mentioned in issue tpo/applications/tor-browser#15797