Opened 19 months ago

Closed 18 months ago

Last modified 6 months ago

#29230 closed defect (duplicate)

The PKCS #12 operation failed for unknown reasons.

Reported by: alexbpk8 Owned by: tbb-team
Priority: Immediate Milestone:
Component: Applications/Tor Browser Version:
Severity: Critical Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

can't import certificate with Tor Browser 8.5a7 (based on Mozilla Firefox 60.5.0esr) (64-bit)

Child Tickets

Change History (8)

comment:1 Changed 19 months ago by alexbpk8

no problem with importing to Firefox 65.0 (32-bit).

comment:2 Changed 19 months ago by alexbpk8

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team

comment:3 Changed 19 months ago by gk

Status: newneeds_information

Seems like a duplicate of #13353. Does it work for you if you uncheck the private browsing mode on about:preferences#privacy, restart Tor Browser and then import the certificate? (I believe activating private browsing mode again afterwards should not interfere with your imported certificate, i.e. you need to leave that mode only for importing the certificate for now).

comment:4 Changed 18 months ago by alexbpk8

I unchecked "Always use private browsing mode", restarted torbrowser.
Still can not import certificate.

comment:5 Changed 18 months ago by gk

What happens if you flip security.nocertdb to false (making sure you restart and it is still false)? Can you import the cert then?

comment:6 Changed 18 months ago by alexbpk8

yes, i can. Thank you!

comment:7 Changed 18 months ago by gk

Resolution: duplicate
Status: needs_informationclosed

Okay, I am duping this over to #15797. We should make it more explicit how to import certificates, at least as a first step.

comment:8 Changed 6 months ago by lbo

Happens also on Linux with Tor Browser 9.0.4. I tried working around this by importing with pk12util from package libnss3-tools:

pk12util -v -i my_cert.pfx

pk12util: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

pk12util -v -i my_cert.pfs -d sql:$HOME/.mozilla/firefox/dypqxuy7.default-release/

Enter password for PKCS12 file:
pk12util: PKCS12 IMPORT SUCCESSFUL

But imported certificate still doesn't show up in Firefox about:preferences => View Certificates

Note: See TracTickets for help on using tickets.