https://bugs.kde.org/show_bug.cgi?id=436820
--- Comment #8 from Gabriel Memmert <gabriel.memm...@web.de> --- Oh, that's very true. I didn't find good changes yet. Nevertheless two sugestions: * Poppler will try to use the following -> Poppler will try to use one of the following * adding: You can check which cert store is used via the entry in the 'PDF Backend Configuration' section of the 'Configure Backends...' dialog. I would appreciate if there were instructions on how to properly (or easiest) add a certificate. I am not sure whether this would be helpfull to many people. What is the usual setup procedure to enable the signing documents? Is it something that is always preconfigured in your organisation? After reading on [ArchWiki - nss](https://wiki.archlinux.org/index.php/Network_Security_Services) and [MDN NSS](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Tools) I got to these two instructions that worked for me (manjaro kde, firefox installed, .p12 and .pfx certificates): VERSION A: 1. Go to the 'PDF Backend Configuration' section of the 'Configure Backends...' dialog. Find the certificate store that okular uses by default (right now one can *not* mark or copy from this field!) and in the following commands please substitute 'cert/store' with the found path. One example would be `/home/myuser/.mozilla/firefox/abcdef12.default-release` 2. Add the certificate via `pk12util -d sql:cert/store -i /path/to/cert/filename.p12`. You can see the certificate added in `certutil -d sql:cert/store -L`. You can check the certificate for signing messages via `certutil -d sql:cert/store -V -u S -n "certificate-name"` you need to look for `certificate-name` in the output of the previous command. This output is acceptable: `certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.` 3. restart okular, now everything should be working. The certificate should be listed in the 'PDF Backend Configuration' section. VERSION B: 1. Add the certificate via `pk12util -d sql:$HOME/.pki/nssdb -i /path/to/cert/filename.p12`. You can see the certificate added in `certutil -d sql:$HOME/.pki/nssdb -L`. You can check the certificate for signing messages via `certutil -d sql:$HOME/.pki/nssdb -V -u S -n "certificate-name"` you need to look for `certificate-name` in the output of the previous command. This output is acceptable: `certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.` 2. Go to the 'PDF Backend Configuration' section of the 'Configure Backends...' dialog. Set the certificate store to custom and set the path to `$HOME/.pki/nssdb` 3. restart okular, now everything should be working. The certificate should be listed in the 'PDF Backend Configuration' section. Questions: * Do I need `sql:` in the commands? * Is the environment variable the same in okular and shell? * Should one do something about this invalid certificate message? * ... -- You are receiving this mail because: You are watching all bug changes.
