On 2010-10-20 09:54 PDT, Matej Kurpel wrote: > Hello, > I have set up my own CA and issued one certificate signed by this CA. > However, I cannot use this certificate to send signed e-mail from > Thunderbird. It says "Could not verify this certificate for unknown > reasons".
PSM's infamous "for an unknown reason" error message, the bane of my existence for about a decade now. See https://bugzilla.mozilla.org/show_bug.cgi?id=desired When any NSS function fails, NSS always provides a reason code. But years ago, the manager of the group responsible for implementing the GUI for Mozilla's crypto security decided that error details were unimportant, and so, to save schedule time, he allowed his employee to do a very incomplete job of producing error message strings for the various error codes, and simply present a default string in all other cases that says "for an unknown reason". We've been plagued with that ever since. In all the years since then, it has never been important to Mozilla UI folks to fix this. It seems to be an entrance requirement to get into GUI design school. They ask you "is security UI design important?", and if you say "yes", or even hesitate to say "NO!", you're out. ("HELL NO!" is the preferred answer.) So, here's what you do. Use one of NSS's command line tools to verify your certificate chain for the email certificate usage, and see what it says. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
