Talk:Installing an SMIME certificate

From MozillaZine Knowledge Base

Issues with the content of this page

This page doesn't offer any explanation for the sources from which one might obtain a PKCS12 file (.p12 or .pfx) with one's SMIME certificate and private key. It suggests that such a PKCS12 file might contain a certificate issued by a recognized CA, or might contain a self-signed cert, but it offers no clues about how a user might obtain a PKCS12 file of either form. One does not obtain a PKCS12 file from a legitimate CA. A PKCS12 file contains a copy of the private key, and the CA that issues the certificate has NO BUSINESS having a copy of the private key. The usual sources of PKCS12 files are:

  1. Made by Firefox as a "backup" of a certificate and private key after successfully enrolling for a certificate from a CA over the web, or
  2. Produced as a self-signed cert with OpenSSL or with Mozilla's NSS tools.

The page claims that a self-signed cert cannot be imported from a PKCS12 file unless the certificate has first been imported into the "Authorities" tab. I have not verified that, but if it is true, that is a bug in the product. There should be NO prerequisites to importing a PKCS12 file.
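
An added illustration of the second source listed above, and of the point that a PKCS12 file carries the private key alongside the certificate. This is example code, not part of the original comment or of the Knowledge Base page; the e-mail address, passphrase and function names are constructed, and OpenSSL 1.1.1 or later is assumed for `-addext`.

```shell
#!/usr/bin/env bash
# Added example; the identity and passphrase are constructed sample values.
set -eu

make_smime_p12() {   # $1=dir  $2=e-mail address  $3=export passphrase
    # Key pair and self-signed certificate are generated locally in one step.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example User/emailAddress=$2" \
        -addext "subjectAltName=email:$2" \
        -addext "extendedKeyUsage=emailProtection" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
    # PKCS12 bundles the certificate together with its private key.
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -name "$2" -passout "pass:$3" -out "$1/smime.p12"
}

p12_cert() {         # $1=p12  $2=passphrase -> certificate (PEM) on stdout
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | openssl x509
}

p12_key_count() {    # number of private keys stored in the bundle
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -c 'BEGIN.*PRIVATE KEY' || true
}

p12_is_self_signed() {   # success if issuer and subject names are identical
    local c; c=$(p12_cert "$1" "$2")
    [ "$(printf '%s\n' "$c" | openssl x509 -noout -subject_hash)" = \
      "$(printf '%s\n' "$c" | openssl x509 -noout -issuer_hash)" ]
}

p12_key_matches_cert() { # success if the bundled key belongs to the certificate
    local from_cert from_key
    from_cert=$(p12_cert "$1" "$2" | openssl x509 -noout -pubkey)
    from_key=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout)
    [ "$from_cert" = "$from_key" ]
}

# Demo run in a throwaway directory.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
make_smime_p12 "$tmp" "user@example.test" "constructed-passphrase"
echo "private keys in bundle: $(p12_key_count "$tmp/smime.p12" constructed-passphrase)"
p12_is_self_signed "$tmp/smime.p12" constructed-passphrase && echo "self-signed: yes"
p12_key_matches_cert "$tmp/smime.p12" constructed-passphrase && echo "key matches certificate: yes"
```

The intermediate `key.pem` is written unencrypted (`-nodes`) and should be deleted once the `.p12` has been created and imported.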