GNOME Bugzilla – Bug 336305
Cannot import certificates: "Password for NSS User Private Key"
Last modified: 2010-09-18 22:07:50 UTC
Please describe the problem: I exported a certificate from Firefox, and Evolution refuses to import it. I get a dialog that says: Enter the password for `NSS User Private Key and Certificate Services' That string does not appear anywhere in the Evolution source, but does appear in the Mozilla sources. I don't know what password it is asking for. Steps to reproduce: 1. 2. 3. Actual results: Expected results: Does this happen every time? Other information:
make sure you're using the right password - there could be more than one, e.g. the one for the exported certs, and one for the certificate db.
also see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=185285 dave, cc'ing you. can you add an upstream link to the redhat bug? thanks in advance.
The version of Evolution I was using is: 2.6.0-0ubuntu3, i386, from "Dapper Drake", fresh daily. I just tried it again with the same release number but for amd64, also running "Dapper Drake" fresh daily, and it DOES work. There was more dialogs, but it got past the NSS one and presented the one Evolution creates. Attached are the 'ldd' outputs from each computer.
Created attachment 62260 [details] ldd =evolution-2.6 on AMD64 Notice that the libnss3 is coming from /usr/lib/ on this machine.
Created attachment 62261 [details] ldd =evolution-2.6 on i386 Notice that libnss3 is being linked from /usr/lib/mozilla on this i386 machine.
ld.so.conf on the i386 contains only "/usr/lib/atlas", and on the amd64 it contains that plus entries for the 32-bit libraries, so nothing unusual on either box. The version of 'mozilla-browser' is the same on both machines, 2:1.7.12-1.1ubuntu2. That of 'mozilla-psm' is also the same, 2:1.7.12-1.1ubuntu2, matching that of the browser. My guess is that there should be a 'Build-Conflicts' declared for 'mozilla-dev', and that it was installed on the i386 build host, but not on the amd64 one. Q: Does the Ubuntu/Debian 'Evolution' maintainer crew follow this tracker? I'll drop a heads-up on their list to be sure. :-)
hi karlheg, thanks a lot for investigating, we really appreciate your work.
The rebuild did not fix the problem. It was still linking against /usr/lib/mozilla/libnss3.so. I removed the 'mozilla-browser' package, and now it's linking against /usr/lib/libnss3.so. I don't know how to fix that, and am interested in knowing how to do it.
Created attachment 62263 [details] Difference between ldd before and after on i386 perl -p -e 's/ \([^\)]+\)//' < ldd-evo-i386.txt > ldd-evo-i386-noaddr.txt perl -p -e 's/ \([^\)]+\)//' < ldd-evo-i386_2.txt > ldd-evo-i386-noaddr_2.txt diff -u ldd-evo-i386-noaddr.txt ldd-evo-i386-noaddr_2.txt > ldd-evo.diff Even after the rebuild and removal of 'mozilla-browser', so that now it's linking against the same (ostensibly) versions of the same libraries as the one that works on amd64, it refuses to import the identical certificate. The behaviour is exactly the same --- the NSS dialog keeps reappearing each time I type the password.
I have the same problem in Evolution 2.6.2. I can't import any certs because evolution keeps on asking the "NSS User Private Key and Certificate Services" even if the cert passphrase is correct. What's the matter? And I don't understand which libnss3, libsmime ecc. evolution should be linked to. To those of mozilla (firefox) or what? But packages NSS and NSPR come from mozilla group... I was only able to import a selfsigned root CA certificate made with openssl. Thanx, Marco
marco: which distribution are you using? confirming as per duplicate.
marco: ...and please also provide your architecture (64bit or 32bit?)
Platform: 32 bit Distribution: Slackware 10.2 Package: Evolution 2.6.2 (and prerequisite) from Dropline GNOME 2.14.2
also see bug 337060
Under evolution 2.12.1, both the passwords for nss certificate db and backup passwords fail. Idealy evolution should ask for both. the backup password first then the nss certicifate db password second. This works in applications such as openoffice which actually reads certificates directly from the user's firefox profile. Also, I remember this worked in evolution 2.10 but is now broken in 2.12
Can someone who has evo and evo-data-server build against nss 3.12beta check if they still get this bug?
This is fixed with evolution running against system nss 3.12rc4 here. Please confirm.
Ping? The wording in latest stable evolution running nss 3.12.x doesn't exhibit this bug here and importing certificates now accepts the nss security password. Please look into this. It looks fixed to me.
works for me under evolution 2.30
I can confirm that Evolution is able to import a certificate exported by Firefox. Evolution 2.28.3 and libnss 3.12.6. Closing bug...