Disappearing certificates...
-
- Posts: 7
- Joined: July 5th, 2018, 6:55 am
Disappearing certificates...
Hello,
For several years, I've been using Thunderbird on different PCs with a personal certificate issued by CACert to sign my e-mails. This worked perfectly.
I am now trying to use Thunderbird 52.8.0 on a W10 pro 1709 machine.
On this PC, I encounter a curious problem: from the TB options, I install the CACert root certificates, give them the "trust" necessary for email signing, and then install my own certificates. Everything works very well and my mails are correctly signed.
If I close TB and restart it 3 min after, everything is gone: my certificates and the root certificates from CACert! I just have to start again all the job...
I checked the Appdata directory and its subdirectories, to make sure there were no authorizations issues and that everyone had write access. It's OK, but I don't know what to do now!
If anyone has an idea, I will be very grateful.
Thank you in advance for your help.
For several years, I've been using Thunderbird on different PCs with a personal certificate issued by CACert to sign my e-mails. This worked perfectly.
I am now trying to use Thunderbird 52.8.0 on a W10 pro 1709 machine.
On this PC, I encounter a curious problem: from the TB options, I install the CACert root certificates, give them the "trust" necessary for email signing, and then install my own certificates. Everything works very well and my mails are correctly signed.
If I close TB and restart it 3 min after, everything is gone: my certificates and the root certificates from CACert! I just have to start again all the job...
I checked the Appdata directory and its subdirectories, to make sure there were no authorizations issues and that everyone had write access. It's OK, but I don't know what to do now!
If anyone has an idea, I will be very grateful.
Thank you in advance for your help.
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Disappearing certificates...
Are you using it for a S/MIME digital signature?
Did you "For both certificates, select "Trust this CA to identify websites" and "Trust this CA to identify email users."?
Afterwards did you "select the "Root CA" "CA Cert Signing Authority". Check that the certificate has been verified as "Email signer certificate", "Email Recipient certificate" and "Status responder certificate"." ?
I'm wondering if you skipped a step so that the trust was only stored in memory (and lost when you restarted).
http://wiki.cacert.org/FAQ#Certificate_related_problems
http://wiki.cacert.org/ThunderBird
Did you "For both certificates, select "Trust this CA to identify websites" and "Trust this CA to identify email users."?
Afterwards did you "select the "Root CA" "CA Cert Signing Authority". Check that the certificate has been verified as "Email signer certificate", "Email Recipient certificate" and "Status responder certificate"." ?
I'm wondering if you skipped a step so that the trust was only stored in memory (and lost when you restarted).
http://wiki.cacert.org/FAQ#Certificate_related_problems
http://wiki.cacert.org/ThunderBird
-
- Posts: 7
- Joined: July 5th, 2018, 6:55 am
Re: Disappearing certificates...
Hello! Sorry for the long time to answer, but the site was unreachable these last days...
- Yes, I use it for a S/MIME digital signature.
- Yes, I checked the three boxes of "trust" and checked they were still checked after I closed an reopened the certificate window. By the bye, everything works OK, till I don't close TB!
- Yes, it looks exactly as if it were only stored in memory, but WHY?
I've already had a deep look at CACert WiKis, but in vain...
Thanks.
- Yes, I use it for a S/MIME digital signature.
- Yes, I checked the three boxes of "trust" and checked they were still checked after I closed an reopened the certificate window. By the bye, everything works OK, till I don't close TB!
- Yes, it looks exactly as if it were only stored in memory, but WHY?
I've already had a deep look at CACert WiKis, but in vain...
Thanks.
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Disappearing certificates...
I don't know why. I've configured S/MIME before, but not for CACert. Have you considered using a Comodo certificate instead so that you don't have to deal with the trust issues?
http://kb.mozillazine.org/Getting_an_SMIME_certificate
http://kb.mozillazine.org/Getting_an_SMIME_certificate
-
- Posts: 7
- Joined: July 5th, 2018, 6:55 am
Re: Disappearing certificates...
OK, I'll try that. But CACert certificates work perfectly on my others PCs! And don't disappear...
-
- Posts: 7
- Joined: July 5th, 2018, 6:55 am
Re: Disappearing certificates...
Well... I created and installed the Comodo certificate: everything is OK, no need for more, as the authority certificates are already included in TB. I can send signed mails without problem.
But when I close Thunderbird, the next time I reopen it, my certificate is gone! Exactly as for the CACert one!
Do you know WHERE and HOW Thunderbird stores these certificates?
Thanks for your help.
But when I close Thunderbird, the next time I reopen it, my certificate is gone! Exactly as for the CACert one!
Do you know WHERE and HOW Thunderbird stores these certificates?
Thanks for your help.
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Disappearing certificates...
http://kb.mozillazine.org/Files_and_fol ... hunderbird
Certificates are in cert8.db . The key database is in key3.db. You need to treat them as a set. I noticed I also have a key4.db file and a cert9.db file dated 3/18/2018. Since I sometimes have multiple versions on my system (some really old, the current release, plus beta/daily builds) using the same profile its hard for me to figure out who created a file.
Certificates are in cert8.db . The key database is in key3.db. You need to treat them as a set. I noticed I also have a key4.db file and a cert9.db file dated 3/18/2018. Since I sometimes have multiple versions on my system (some really old, the current release, plus beta/daily builds) using the same profile its hard for me to figure out who created a file.
-
- Posts: 7
- Joined: July 5th, 2018, 6:55 am
Re: Disappearing certificates...
The last news:
- Comodo certificates also disappear
- I copied cert8.db & key3.db from another machine where the certificate is installed and doesn't disappear. When I started TB, it didn't mind at all and the certificate was gone!
So, it's probably not a storage problem, since when using "good" certificate files, TB persists in ignoring them...
Any ideas?
- Comodo certificates also disappear
- I copied cert8.db & key3.db from another machine where the certificate is installed and doesn't disappear. When I started TB, it didn't mind at all and the certificate was gone!
So, it's probably not a storage problem, since when using "good" certificate files, TB persists in ignoring them...
Any ideas?
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Disappearing certificates...
Are you using something like ccleaner to clean up profiles?
See if the problem disappears if you use safe mode (help -> restart with add-ons disabled or hold down shift key when clicking on Thunderbird shortcut)
See if the problem disappears if you use safe mode (help -> restart with add-ons disabled or hold down shift key when clicking on Thunderbird shortcut)
-
- Posts: 7
- Joined: July 5th, 2018, 6:55 am
Re: Disappearing certificates...
No, I don't use Ccleaner or any other kind of things.
The safe mode didn't solved the problem either. As soon as it started, I checked the certificates: gone!
The safe mode didn't solved the problem either. As soon as it started, I checked the certificates: gone!
- makaiguy
- Posts: 16878
- Joined: November 18th, 2002, 6:44 pm
- Location: Somewhere in SE USA
- Contact:
Re: Disappearing certificates...
As a stopgap, what happens if, while TB is loaded, you jump out and set the cert file as read-only?Mourvedre wrote:No, I don't use Ccleaner or any other kind of things.
The safe mode didn't solved the problem either. As soon as it started, I checked the certificates: gone!
Doug Wilson
Win10 64bit: FF 124.0.2 64bit, TB 102.12.0 32-bit ║ Android 13/10: FF 124.2.0/115.9.0 ║ No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
Win10 64bit: FF 124.0.2 64bit, TB 102.12.0 32-bit ║ Android 13/10: FF 124.2.0/115.9.0 ║ No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers
- tanstaafl
- Moderator
- Posts: 49647
- Joined: July 30th, 2003, 5:06 pm
Re: Disappearing certificates...
cert_override.txt is used to store security exceptions and (supposedly) intermediate certificates. https://support.mozilla.org/en-US/questions/1150335 describes a problem with a disappearing certificate with Firefox that was solved by deleting that file. Try deleting it in your Thunderbird profile. Firefox and Thunderbird both use a Mozilla toolkit, so certain components are very similar with both applications.
-
- Posts: 7
- Joined: July 5th, 2018, 6:55 am
Re: Disappearing certificates...
@tanstaafl: Thanks for your search, but I didn't see any cert_override.txt!
@makaiguy: I "locked" cert8.db and key3.db, closed TB and restarted it. And... it worked! My certs are still there and usable.
While this good idea doesn't explains why this happens, I think it might be a track to help experts explain the whole thing...
Thank you!
@makaiguy: I "locked" cert8.db and key3.db, closed TB and restarted it. And... it worked! My certs are still there and usable.
While this good idea doesn't explains why this happens, I think it might be a track to help experts explain the whole thing...
Thank you!