Summary: | Can't import PFX certificates (Firefox and Chrome does) | ||
---|---|---|---|
Product: | [Applications] kleopatra | Reporter: | Rafael Linux User <rafael.linux.user> |
Component: | general | Assignee: | kdepim bugs <kdepim-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | grave | CC: | aheinecke, ashtongj, darek86, dibbinartius, montel, mutz, rafael.linux.user |
Priority: | NOR | ||
Version: | 2.2.0 | ||
Target Milestone: | --- | ||
Platform: | openSUSE | ||
OS: | Linux | ||
Latest Commit: | http://commits.kde.org/kleopatra/ad87f15135b3f2aea01778bb9d2ec1c2fe566a37 | Version Fixed In: | 16.04 |
Sentry Crash Report: |
Description
Rafael Linux User
2014-04-11 09:50:24 UTC
I discovered this is a old bug unsolved from 2011: https://bugs.kde.org/show_bug.cgi?id=282718 How we generate a PFX certificate ? Usually, you can download it from a Certificate Provider. It's installed on your browser. Then you can export (with or without password) to a PFX file (from that browser, Firefox, in this case). "Et voilá". Chrome does support to import the same ".pfx" certificate files too. I wish I answered your question. I can export just as PEM file in firefox linux. This is for Firefox Winxxx, but it is the same for Linux (in my case, OpenSUSE). You can put extension .pfx or .p12, is equivalent. http://blog.ksoftware.net/2011/07/exporting-your-code-signing-certificate-to-a-pfx-file-from-firefox/ Interesting if you want to know more about: PFX files are PKCS#12 Personal Information Exchange Syntax Standard files. They can include arbitrary number of private keys with accompanying X.509 certificates (public keys) and a Certificate Authority Chain (IIS accepts only .pfx files) On the other hand, a ".cert" (or ".cer" or ".crt") file usually contains a single certificate, alone and without any wrapping (no private key, no password protection, just the certificate). CER files: CER file is used to store X.509 certificate. Normally used for SSL certification to verify and identify web servers security. The file contains information about certificate owner and public and private certificate keys. A CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM). PFX files Personal Exchange Format, is a PKCS12 file. This contains a variety of cryptographic information, such as certificates, root authority certificates, certificate chains and private keys. It’s cryptographically protected with passwords to keep private keys private and preserve the integrity of the root certificates. A workaround to this Kleopatra issue is to extract from PFX only the private key: openssl pkcs12 -in container_pass_protected.pfx -out cert_wo_pass.crt -nokeys -clcerts Git commit ad87f15135b3f2aea01778bb9d2ec1c2fe566a37 by Andre Heinecke. Committed on 08/04/2016 at 16:17. Pushed by aheinecke into branch 'Applications/16.04'. Add classification for pfx files Importing PFX files just works if Kleopatra can classify them by extension. M +1 -0 src/utils/classify.cpp http://commits.kde.org/kleopatra/ad87f15135b3f2aea01778bb9d2ec1c2fe566a37 The problem was just missing support in Kleopatra's classify routine for the file extension .pfx. (As expected as gpgsm handled this on the command line) For testing I've converted my usual test certificates (.p12 for the private key and .pem for the chain) to pfx by first extracting the key from the p12: openssl pkcs12 -in testuserA.p12 -nocerts -out testuserA.key and then packing it all together in a pfx. openssl pkcs12 -export -out testuserA.pfx -inkey testuserA.key -in testuserA-Kette.pem Import worked and the complete chain was imported. *** Bug 354713 has been marked as a duplicate of this bug. *** *** Bug 315816 has been marked as a duplicate of this bug. *** |