Checking the links below I find:
- they are all connected with the diginotar CA and have nothing to do
with my issue
- except https://bugs.freedesktop.org/show_bug.cgi?id=39825
However here it is described the dialog box comes up empty. This is not
so in my case. I sign the document as always. Then when I check the
signature it shows it can't validate (apparently because it can not find
the root CA).
I'm wandering if all types of certificates fail to validate or only the
ones where the CA is on the 'software security device' (as opposed to
the 'built-in object token') in Firefox.
Ferry
Op zondag 18-09-2011 om 22:32 uur [tijdzone +0200], schreef Ferry Toth:
Yeah, it is quite possible to blame the Ubuntu Natty build.
But the problem occurs just since my most recent Firefox update. So it
would be nice to see if somebody can reproduce this before I file a bug.
I'm looking into your links now.
Ferry
Op maandag 12-09-2011 om 11:30 uur [tijdzone -0700], schreef NoOp:
On 09/12/2011 07:04 AM, Ferry Toth wrote:
I think you missed the following points in my story:
- the CA certificate is generated internally. This means we are CA for
our own certificates. They are not blacklisted by FF.
- to be validated we manually add the CA certificate ourselves to FF and
windows certificate store).
- FF shows the certificates are valid (linux) and so does IE (windows).
The certificates are NOT blocked.
- LO under ubuntu shows the user certificate is invalid because the CA
is not in the path (this is new)
- LO under windows works fine (yes with the security update installed
that removes diginotar)
I suggest you file a bug report on launchpad against Ubuntu's LO (ULO)
version:
https://bugs.launchpad.net/ubuntu/+source/libreoffice
You might also install standard LO (you can do this without affecting
ULO) and test to see if that is broken also. If so then you can file a
bug report on bugzilla:
http://wiki.documentfoundation.org/BugReport
Perhaps you are experiencing this bug:
https://bugs.freedesktop.org/show_bug.cgi?id=39825
[Does not find Firefox profile for digital certificate signing]
The recent certificate bugs/updates are:
http://www.ubuntu.com/usn/usn-1197-3
http://www.ubuntu.com/usn/usn-1197-1
https://launchpad.net/bugs/838322
http://www.ubuntu.com/usn/usn-1197-4
http://www.ubuntu.com/usn/usn-1197-1
http://www.ubuntu.com/usn/usn-1197-3,
https://launchpad.net/bugs/837557
So it's quite possible that one (any) of those may have also cause
breakage in ULO.
Op maandag 12-09-2011 om 13:07 uur [tijdzone +0100], schreef Dave
Sergeant:
On 12 Sep 2011 at 10:52, Ferry Toth wrote:
Since years we use digital signatures to sign our documents and protect
them from inadvertent modifications.
The CA certificate is one generated internally.
Now on linux (ubuntu natty) the certificates are stored by firefox and
since a recent upgrade to firefox 6.0.2 LO complains that the
certificate cannot be validated. This happen even right after adding the
signature.
Apparently the root certificate cannot be found by LO.
However, in firefox both personal and CA certificate validate fine.
Switching to windows LO does validate the certificate fine (but there
the certificates are stored elsewhere).
It look like something changed in FF that broke the digital signing in
LO. Or is it a configuration issue on my side?
This one is easy to answer. Due to an issue with fraudulent
certificates from the Dutch company Diginotar, Firefox has removed the
Diginotar root certificate from its certificate store. Other browsers
have acted similarly, ie there was a Windows update to achieve the same
on IE. Since you are based in the Netherlands I guess your documents
are validated against Diginotar certificates. See
http://en.wikipedia.org/wiki/DigiNotar
For many of us not in your country we have never encountered a
Diginotar certificate and it was not even in my certificate store in
Opera.
Not sure what the answer is, but this seems to be a case of unexpected
consequences of a fairy radical update to Firefox. Your internal
certificates are clearly properly issued, and to block them because of
a few fraudulent ones you are only going to encounter on dodgey sites
seems a bit OTT.
Dave
http://www.davesergeant.com
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.