Leap42 - do Firefox and Thunderbird not share certificates?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Leap42 - do Firefox and Thunderbird not share certificates?

Per Jessen
This is probably not Leap specific, but I thought at least Firefox and
Thunderbird would be sharing certificates?  (I'm guessing Chrome and
Opera will certainly have their own, separate certificate storage)

On Leap, I installed a new root certificate from Firefox. I expected
Thunderbird to pick this up too, but it didn't.  

Am I expecting too much?   I'm guessing systemwide root certificate are
in /usr/share/pki/trust, what would be the right place for adding
systemwide, local certificates?


--
Per Jessen, Zürich (10.2°C)
http://www.hostsuisse.com/ - virtual servers, made in Switzerland.

--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Leap42 - do Firefox and Thunderbird not share certificates?

Carlos E. R.-2
On 2015-11-14 11:29, Per Jessen wrote:

> On Leap, I installed a new root certificate from Firefox. I expected
> Thunderbird to pick this up too, but it didn't.  

No; at least those you install via TH/FF menu are not shared. Since as
long as I can remember. Curious, now you mention it.

--
Cheers / Saludos,

                Carlos E. R.
                (from 13.1 x86_64 "Bottle" at Telcontar)


signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Leap42 - do Firefox and Thunderbird not share certificates?

Lew Wolfgang
On 11/14/2015 03:26 AM, Carlos E. R. wrote:
> On 2015-11-14 11:29, Per Jessen wrote:
>
>> On Leap, I installed a new root certificate from Firefox. I expected
>> Thunderbird to pick this up too, but it didn't.
> No; at least those you install via TH/FF menu are not shared. Since as
> long as I can remember. Curious, now you mention it.
>

I vaguely remember at one time they shared certificates.  I recall
being annoyed when the sharing stopped.  Of course, my memory isn't
the only thing that has gotten short these daze...

Regards,
Lew



--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Leap42 - do Firefox and Thunderbird not share certificates?

Wolfgang Rosenauer-4
In reply to this post by Per Jessen
Hi,

Am 14.11.2015 um 11:29 schrieb Per Jessen:

> This is probably not Leap specific, but I thought at least Firefox and
> Thunderbird would be sharing certificates?  (I'm guessing Chrome and
> Opera will certainly have their own, separate certificate storage)
>
> On Leap, I installed a new root certificate from Firefox. I expected
> Thunderbird to pick this up too, but it didn't.  
>
> Am I expecting too much?   I'm guessing systemwide root certificate are
> in /usr/share/pki/trust, what would be the right place for adding
> systemwide, local certificates?

Firefox and Thunderbird never shared imported certificates officially.
On openSUSE they are sharing the root CA store.
In the past there was an inofficial implementation to make it possible
to make Firefox and Thunderbird (and seamonkey) share the same cert
store. It was basically never used and I dropped this support meanwhile
for Thunderbird with version 38:

- dropped openSUSE specific patches
  * thunderbird-shared-nss-db.patch
  * mozilla-shared-nss-db.patch
    the provided feature seems not to be used and its maintenance
    is not worth the ongoing efforts

What is manually still possible is to configure NSS in a way that
certificates can be imported into the system wide cert store which in
turn is used by all Mozilla applications.


Wolfgang
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Leap42 - do Firefox and Thunderbird not share certificates?

Marcus Rueckert-3
In reply to this post by Per Jessen
On 2015-11-14 11:29:36 +0100, Per Jessen wrote:

> This is probably not Leap specific, but I thought at least Firefox and
> Thunderbird would be sharing certificates?  (I'm guessing Chrome and
> Opera will certainly have their own, separate certificate storage)
>
> On Leap, I installed a new root certificate from Firefox. I expected
> Thunderbird to pick this up too, but it didn't.  
>
> Am I expecting too much?   I'm guessing systemwide root certificate are
> in /usr/share/pki/trust, what would be the right place for adding
> systemwide, local certificates?

install p11-kit-nss-trust, then all NSS apps will also the cert store
maintained by ca-certificates. no need anymore to maintain nss dbs
for that.

hth

    darix

--
           openSUSE - SUSE Linux is my linux
               openSUSE is good for you
                   www.opensuse.org
--
To unsubscribe, e-mail: [hidden email]
To contact the owner, e-mail: [hidden email]