OK, so I just upgraded from 18.04 LTS to 20.04 LTS, and with it came an upgrade from "standalone" (apt managed) Chromium to "snaps" Chromium, and while trying to do some activities with a public administration in Spain, I was faced with an error for no personal certificates existed (and I have two of them imported in Chromium before upgrading Ubuntu).
I was shocked to see none of the two personal certificates were showing in Chromium anymore. When exporting one of them from Firefox and importing into Chromium, the p12 wouldn't even show in the list to be picked up when importing. Went a step back and followed the authentication chain all the way down from the root: - Root CA certificate : https://www.sede.fnmt.gob.es/documents/10445900/10526749/AC_Raiz_FNMT-RCM_SHA256.cer This one could not be imported just because it was already loaded by default in Chromium. But the dialog which opens when following the link directly has the "Import" button greyed out. - Subordinated CA certificate (the one used to sign the users' certificates) : https://www.sede.fnmt.gob.es/documents/10445900/10526749/AC_FNMT_Usuarios.cer This one also had the "Import" button greyed out when following the link. If going through the certificate authority "import" in preferences, after selecting the "CA uses", gives an "unknown error". Both this and the root CA are obtained in DER format. Wasted my time converting the certificate from DER to PEM format and trying to import it, to (as expected) no avail. For reference, here you have a full (abbreviated) dump of the certificate that wouldn't be imported (certainly certificate is NOT expired and it uses up to date SHA256 signatures and 2048 bit RSA public keys): """ openssl x509 -inform DER -in AC_FNMT_Usuarios.cer -text -noout Certificate: Data: Version: 3 (0x2) Serial Number: 45:5f:3a:e1:5c:21:cd:ba:54:4f:82:aa:47:51:eb:db Signature Algorithm: sha256WithRSAEncryption Issuer: C = ES, O = FNMT-RCM, OU = AC RAIZ FNMT-RCM Validity Not Before: Oct 28 11:48:58 2014 GMT Not After : Oct 28 11:48:58 2029 GMT Subject: C = ES, O = FNMT-RCM, OU = Ceres, CN = AC FNMT Usuarios Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public-Key: (2048 bit) Modulus: 00:9d:20:04:26:2d:fb:2d:69:30:cb:d9:93:7f:a5: ... b0:47 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:TRUE, pathlen:0 X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: B1:D4:4F:C4:23:79:FA:44:05:09:C6:EB:39:CF:E8:35:B0:B8:20:64 Authority Information Access: OCSP - URI:http://ocspfnmtrcmca.cert.fnmt.es/ocspfnmtrcmca/OcspResponder CA Issuers - URI:http://www.cert.fnmt.es/certs/ACRAIZFNMTRCM.crt X509v3 Authority Key Identifier: keyid:F7:7D:C5:FD:C4:E8:9A:1B:77:64:A7:F5:1D:A0:CC:BF:87:60:9A:6D X509v3 Certificate Policies: Policy: X509v3 Any Policy CPS: http://www.cert.fnmt.es/dpcs/ User Notice: Explicit Text: Sujeto a las condiciones de uso expuestas en la Declaración de Prácticas de Certificación de la FNMT-RCM ( C/ Jorge Juan, 106-28009-Madrid-España) X509v3 CRL Distribution Points: Full Name: URI:ldap://ldapfnmt.cert.fnmt.es/CN=CRL,OU=AC%20RAIZ%20FNMT-RCM,O=FNMT-RCM,C=ES?authorityRevocationList;binary?base?objectclass=cRLDistributionPoint URI:http://www.cert.fnmt.es/crls/ARLFNMTRCM.crl Signature Algorithm: sha256WithRSAEncryption 8c:3d:28:b4:e0:7e:0d:f3:6e:5c:da:5c:77:3d:80:64:1e:4e: ... 34:66:50:1b:75:c2:98:11 """ This defect basically makes Chromium in Ubuntu 20.04 unusable in Spain for anyone doing any kind of transaction with most public administrations in Spain, including but not limited to filling your taxes (we are in the middle of the 2019 year tax filling). Guess as per the original reporter's upstream Bug with Google this may not be due to Ubuntu but to some Google's messup. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/1662440 Title: Unable to import FNMT certificates in chromium or chrome Status in chromium-browser package in Ubuntu: Triaged Bug description: Hi, there's an "unknown error" when you try to import certificates from the FNMT on Chrome or derivatives. There's an error when you try to import the personal certificate, but also when you try to import the CA certificates from the FNMT. Here you can download the AC certificates: https://www.sede.fnmt.gob.es/descargas/certificados-raiz-de-la-fnmt (spanish) Direct links: https://www.sede.fnmt.gob.es/documents/10445900/10526749/AC_Raiz_FNMT-RCM_SHA256.cer 2nd class: https://www.sede.fnmt.gob.es/documents/10445900/10526749/FNMTClase2CA.cer ... ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: chromium-browser 55.0.2883.87-0ubuntu0.16.04.1263 Uname: Linux 4.8.8-040808-generic x86_64 ApportVersion: 2.20.1-0ubuntu2.5 Architecture: amd64 CurrentDesktop: Unity DRM.card0-HDMI-A-1: enabled: enabled dpms: On status: connected edid-base64: AP///////wA4o0pnAQEBAQ0TAQOgLx54Kg61qlE3qyUUUFS/74CBwIFAgYCLwJUAkECzAHFPITmQMGIaJ0AYsDZA2igRAAAcAAAA/QA4Sx9TEQAKICAgICAgAAAA/ABQMjIxVwogICAgICAgAAAA/wA5MzEwMDk0NE5CCiAgASECAxtiIwl/B4MBAABnAwwAIACALUMBEATiAA8AADYAQOhjAAAaGh0AgFHQHCBAgDUAQIRjAAAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlQ== modes: 1680x1050 1920x1080 1920x1080 1400x1050 1280x1024 1280x1024 1440x900 1280x960 1360x768 1152x864 1280x720 1280x720 1024x768 1024x768 1024x768 832x624 800x600 800x600 800x600 800x600 640x480 640x480 640x480 640x480 640x480 720x400 DRM.card0-eDP-1: enabled: disabled dpms: Off status: connected edid-base64: AP///////wAGr50hAAAAAAAVAQSQJhV4AsiVnldUkiYPUFQAAAABAQEBAQEBAQEBAQEBAQEBFDeAwHA4IEAwZDYAfdYQAAAYuCSAwHA4IEAwZDYAfdYQAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAMM/kKPGQfFCJuICAgAMs= modes: 1920x1080 1920x1080 Date: Tue Feb 7 08:12:37 2017 Desktop-Session: 'ubuntu' '/etc/xdg/xdg-ubuntu:/usr/share/upstart/xdg:/etc/xdg' '/usr/share/ubuntu:/usr/share/gnome:/usr/local/share/:/usr/share/:/var/lib/snapd/desktop' DetectedPlugins: Env: 'None' 'None' InstallationDate: Installed on 2016-08-01 (189 days ago) InstallationMedia: Ubuntu 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719) Load-Avg-1min: 1.07 Load-Processes-Running-Percent: 0.1% MachineType: Hewlett-Packard HP ENVY 17 Notebook PC SourcePackage: chromium-browser UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 10/03/2013 dmi.bios.vendor: Insyde dmi.bios.version: F.35 dmi.board.asset.tag: Type2 - Board Asset Tag dmi.board.name: 1966 dmi.board.vendor: Hewlett-Packard dmi.board.version: KBC Version 93.49 dmi.chassis.asset.tag: 5CG35023TQ dmi.chassis.type: 10 dmi.chassis.vendor: Hewlett-Packard dmi.chassis.version: Chassis Version dmi.modalias: dmi:bvnInsyde:bvrF.35:bd10/03/2013:svnHewlett-Packard:pnHPENVY17NotebookPC:pvr0884100000305B00000620100:rvnHewlett-Packard:rn1966:rvrKBCVersion93.49:cvnHewlett-Packard:ct10:cvrChassisVersion: dmi.product.name: HP ENVY 17 Notebook PC dmi.product.version: 0884100000305B00000620100 dmi.sys.vendor: Hewlett-Packard gconf-keys: /desktop/gnome/applications/browser/exec = b'firefox\n'/desktop/gnome/url-handlers/https/command = b'sensible-browser %s\n'/desktop/gnome/url-handlers/https/enabled = b'true\n'/desktop/gnome/url-handlers/http/command = b'sensible-browser %s\n'/desktop/gnome/url-handlers/http/enabled = b'true\n'/desktop/gnome/session/required_components/windowmanager = b''/apps/metacity/general/compositing_manager = b''/desktop/gnome/interface/icon_theme = b'gnome\n'/desktop/gnome/interface/gtk_theme = b'Clearlooks\n' modified.conffile..etc.default.chromium-browser: [deleted] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1662440/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
