I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, us… (funda kabanzi)
I am struggling to import User certificates generated by our Microsoft Active Directory Certificate Authority (running 2012 R2) into Firefox. I have exported from IE, used openssl pkcs12 commands to break the certificate apart into specific ca certs, client certs and private key to verify content. Created a new .pfx file from those individual parts. Nothing I can do gets me past failed to import because of unspecified error from Firefox. I have tried manually using pk12util command as well, using the -i option it fails saying unable to import the private key, however pk12util -l shows that the private key is part of the pkcs12 certificate file.
I have come to the conclusion that the private keys being generated are incompatible with Firefox, but I haven't been able to find any information on what keys are compatible or incompatible, so I can see if adjustments on the certificate Authority will prevent this in the future. We will soon be implementing some web applications that will require client certificates. And I don't want to enforce the need for users to use IE instead of Firefox due to the inability to import the Certificate.
pk12util -l ... output:
Certificate(has private key):
Version: 3 (0x2)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Not Before: Thu Sep 18 20:59:04 2014
Friendly Name: ...
Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
pk12util -i ... output:
pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.
Does anyone have any ideas?