Bug 452095 - Firefox user certificate store not recognized in Snap
Status: REPORTED
Alias: None
Product: okular
Classification: Applications
Component: PDF backend
Version: 21.12.1
Platform: Ubuntu Linux
: NOR normal
Target Milestone: ---
Assignee: Okular developers
Reported: 2022-03-31 00:41 UTC by ferdymercury
Modified: 2024-11-07 14:30 UTC
Attachments
attachment-26999-0.html (1.82 KB, text/html)
2022-12-15 13:39 UTC, noliver
Description ferdymercury 2022-03-31 00:41:30 UTC
SUMMARY
On https://docs.kde.org/stable5/en/okular/okular/signatures.html#adding_digital_signatures, it is explained that Digital Certificates will be automatically loaded from the Firefox certificate store. I have four certificates active in Firefox.
However, in Okular, when I click on Tools, Digitally sign, it reports: "There are no available signing certificates".

STEPS TO REPRODUCE
1. Open Firefox on page about:certificate
2. Open Okular, try Tools, Digitally Sign
3. Go to Tools, Configure Backends, PDF

OBSERVED RESULT
1. Firefox about:certificate shows several certificates under "Your certificates"
2. Digitally sign: There are no available signing certificates
3. Backends PDF List is empty

EXPECTED RESULT
Certificates are recognized. Maybe there is an issue when installing Okular 21.12.1 via snap (latest/candidate channel) on Ubuntu 18?

In any case, maybe there should be a way to load a certificate by hand if there are problems with the Firefox certificate store. Using poppler's functionality to open .p12 files: https://invent.kde.org/graphics/okular/-/merge_requests/36/diffs?commit_id=e5ba4e759123ccc9248153521275074bdeadbfd5

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Ubuntu 18

ADDITIONAL INFORMATION
Comment 1 Albert Astals Cid 2022-03-31 21:40:59 UTC
I know nothing about the snap confinement; it may not be able to access the proper Firefox certificate store.

Personally I would suggest you use the Flathub version, but I'm adding some people that may help you figure out what's wrong with the snap version.
Comment 2 ferdymercury 2022-03-31 22:39:56 UTC
Thanks for the reply and suggestion.

Indeed, when I installed via flatpak, it works out of the box, the Firefox certificate store is recognized and listed under PDF Backend config.
(Minor detail, in flatpak I have 21.12.3, whereas in snap I had 21.12.1).

The difference I see is in the default certificate folder:
- for flatpak: /home/user/.mozilla/firefox/abcd.default 
- for snap: /home/user/snap/okular/112/.pki/nssdb (which does not exist)

In any case, I tried setting in the snap version the "custom folder" to /home/user/.mozilla/firefox/abcd.default and it still does not recognize any certificate.
Comment 3 noliver 2022-12-14 19:09:10 UTC
Same problem here on Ubuntu 22.04, Firefox v108, Poppler 22.12.0 and Okular 22.08.3 installed from flatpak. 

In my system, both $USER/.pki/nssdb (used by default on Okular backend) and $USER/.mozilla/firefox/vkre7ysu.default-release have the .so pkcs11 library of the USB token installed and working - I can sign and verify LibreOffice documents with them - but no certificate is listed when Okular's infrastructure backend pops up, and thus it is not possible to sign any PDF.

Is there something that could be done about this? Unfortunately, running from the command line does not show any warnings or errors. It's possible to verify documents already signed, but not possible to sign, since no certificate is found by Okular.

Thanks in advance for any help.
Comment 4 ferdymercury 2022-12-15 09:10:26 UTC
> Is there something that could be done about this?

I ended up installing Okular via flatpak instead of snap, there it works.

If you prefer to continue with snap, you might try to establish a symlink between what snap considers its HOME folder and what your actual HOME folder is, maybe it detects that then. See https://askubuntu.com/a/1257529/1179344
Comment 5 noliver 2022-12-15 13:39:32 UTC
Created attachment 154598
attachment-26999-0.html

Thanks for the suggestion, but I've already tried snap installing - originally my Firefox (which is by default snap installed) didn't load the pkcs11 module and I needed to manually install the latest version in order to be able to load and work with it.

I was hoping that Okular would have the same behavior, but unfortunately even after installing from flatpak it still doesn't find my installed certificates as Firefox does.

I wonder if it would have something to do with Ubuntu 22.04 or something misconfigured on Poppler.

Comment 6 ferdymercury 2024-05-24 13:35:39 UTC
In my case, with flatpak, I was getting also the error that no certificate was found.

Even if the default folder of mozilla was being found (when checking Configure Backends, PDF, the path was correct). And in Firefox itself, about:certificate showed the certificate.

What I did was to change the path to ~/.pki/nssdb, and then it worked.

So either Okular was not able to access .mozilla/profile/nssdb due to some weird permissions (even if I activated everything with flatseal), or Firefox was relying on a non-default position of the nssdb certificates being stored in .pki instead of within the Firefox profile.
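
A diagnostic sketch for the path confusion discussed in this thread, added here as an example and not written by any commenter or taken from Okular or poppler. It classifies the candidate NSS database directories named above (`~/.pki/nssdb`, Firefox profile folders, and the per-revision snap home from Comment 2) and counts external PKCS#11 modules registered in each; the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic example (not Okular/poppler code); function names are hypothetical.
# Usage when run stand-alone: sh nssdiag.sh "$HOME"

# Classify a directory as an NSS database:
#   sql     = cert9.db + key4.db (current SQLite format)
#   dbm     = cert8.db + key3.db (legacy format)
#   partial = only one of the SQLite files is present
#   none    = directory exists but holds no database; missing = no directory
nss_db_kind() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return; }
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then echo sql
    elif [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then echo dbm
    elif [ -f "$dir/cert9.db" ] || [ -f "$dir/key4.db" ]; then echo partial
    else echo none
    fi
}

# Count PKCS#11 modules in pkcs11.txt that point at a library file.
# The built-in NSS module has an empty "library=" line and is not counted.
nss_external_modules() {
    f="$1/pkcs11.txt"
    [ -f "$f" ] || { echo 0; return; }
    grep -c '^library=.' "$f" || true
}

# Candidate locations mentioned in this thread, relative to the real home.
nss_candidates() {
    home=$1
    printf '%s\n' "$home/.pki/nssdb"
    for d in "$home"/.mozilla/firefox/*/ "$home"/snap/okular/*/.pki/nssdb; do
        [ -d "$d" ] && printf '%s\n' "${d%/}"
    done
    return 0
}

# One line per candidate: kind, path, number of external modules.
nss_report() {
    nss_candidates "$1" | while IFS= read -r d; do
        printf '%s\t%s\tmodules=%s\n' \
            "$(nss_db_kind "$d")" "$d" "$(nss_external_modules "$d")"
    done
}

if [ "$#" -gt 0 ]; then nss_report "$1"; fi
```

For a directory reported as `sql`, `certutil -K -d sql:DIR` (from the NSS tools) lists the private keys NSS can see there; a certificate without a matching private key cannot be used for signing.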