MozillaZine

Disappearing certificates...

User Help for Mozilla Thunderbird
Mourvedre
 
Posts: 7
Joined: July 5th, 2018, 6:55 am

Post Posted July 5th, 2018, 8:30 am

Hello,
For several years, I've been using Thunderbird on different PCs with a personal certificate issued by CACert to sign my e-mails. This worked perfectly.

I am now trying to use Thunderbird 52.8.0 on a W10 pro 1709 machine.
On this PC, I encounter a curious problem: from the TB options, I install the CACert root certificates, give them the "trust" necessary for email signing, and then install my own certificates. Everything works very well and my mails are correctly signed.

If I close TB and restart it 3 min after, everything is gone: my certificates and the root certificates from CACert! I just have to start again all the job...

I checked the Appdata directory and its subdirectories, to make sure there were no authorizations issues and that everyone had write access. It's OK, but I don't know what to do now!

If anyone has an idea, I will be very grateful.
Thank you in advance for your help.

tanstaafl
Moderator

User avatar
 
Posts: 44614
Joined: July 30th, 2003, 5:06 pm

Post Posted July 5th, 2018, 1:02 pm

Are you using it for a S/MIME digital signature?
Did you "For both certificates, select "Trust this CA to identify websites" and "Trust this CA to identify email users."?
Afterwards did you "select the "Root CA" "CA Cert Signing Authority". Check that the certificate has been verified as "Email signer certificate", "Email Recipient certificate" and "Status responder certificate"." ?

I'm wondering if you skipped a step so that the trust was only stored in memory (and lost when you restarted).

http://wiki.cacert.org/FAQ#Certificate_related_problems
http://wiki.cacert.org/ThunderBird

Mourvedre
 
Posts: 7
Joined: July 5th, 2018, 6:55 am

Post Posted July 10th, 2018, 7:18 am

Hello! Sorry for the long time to answer, but the site was unreachable these last days...
- Yes, I use it for a S/MIME digital signature.
- Yes, I checked the three boxes of "trust" and checked they were still checked after I closed an reopened the certificate window. By the bye, everything works OK, till I don't close TB!
- Yes, it looks exactly as if it were only stored in memory, but WHY?
I've already had a deep look at CACert WiKis, but in vain...
Thanks.

tanstaafl
Moderator

User avatar
 
Posts: 44614
Joined: July 30th, 2003, 5:06 pm

Post Posted July 10th, 2018, 8:16 am

I don't know why. I've configured S/MIME before, but not for CACert. Have you considered using a Comodo certificate instead so that you don't have to deal with the trust issues?
http://kb.mozillazine.org/Getting_an_SMIME_certificate

Mourvedre
 
Posts: 7
Joined: July 5th, 2018, 6:55 am

Post Posted July 10th, 2018, 8:48 am

OK, I'll try that. But CACert certificates work perfectly on my others PCs! And don't disappear...

Mourvedre
 
Posts: 7
Joined: July 5th, 2018, 6:55 am

Post Posted July 12th, 2018, 9:23 am

Well... I created and installed the Comodo certificate: everything is OK, no need for more, as the authority certificates are already included in TB. I can send signed mails without problem.
But when I close Thunderbird, the next time I reopen it, my certificate is gone! Exactly as for the CACert one!

Do you know WHERE and HOW Thunderbird stores these certificates?
Thanks for your help.

tanstaafl
Moderator

User avatar
 
Posts: 44614
Joined: July 30th, 2003, 5:06 pm

Post Posted July 12th, 2018, 10:12 am

http://kb.mozillazine.org/Files_and_fol ... hunderbird

Certificates are in cert8.db . The key database is in key3.db. You need to treat them as a set. I noticed I also have a key4.db file and a cert9.db file dated 3/18/2018. Since I sometimes have multiple versions on my system (some really old, the current release, plus beta/daily builds) using the same profile its hard for me to figure out who created a file.

Mourvedre
 
Posts: 7
Joined: July 5th, 2018, 6:55 am

Post Posted July 15th, 2018, 2:10 pm

The last news:
- Comodo certificates also disappear
- I copied cert8.db & key3.db from another machine where the certificate is installed and doesn't disappear. When I started TB, it didn't mind at all and the certificate was gone!
So, it's probably not a storage problem, since when using "good" certificate files, TB persists in ignoring them...
Any ideas?

tanstaafl
Moderator

User avatar
 
Posts: 44614
Joined: July 30th, 2003, 5:06 pm

Post Posted July 15th, 2018, 2:27 pm

Are you using something like ccleaner to clean up profiles?
See if the problem disappears if you use safe mode (help -> restart with add-ons disabled or hold down shift key when clicking on Thunderbird shortcut)

Mourvedre
 
Posts: 7
Joined: July 5th, 2018, 6:55 am

Post Posted July 16th, 2018, 9:25 am

No, I don't use Ccleaner or any other kind of things.
The safe mode didn't solved the problem either. As soon as it started, I checked the certificates: gone!

makaiguy

User avatar
 
Posts: 16672
Joined: November 18th, 2002, 6:44 pm
Location: Somewhere in SE USA

Post Posted July 16th, 2018, 12:08 pm

Mourvedre wrote:No, I don't use Ccleaner or any other kind of things.
The safe mode didn't solved the problem either. As soon as it started, I checked the certificates: gone!

As a stopgap, what happens if, while TB is loaded, you jump out and set the cert file as read-only?
Doug Wilson, "The Makai Guy"
Win10 (64bit): FF 52.9.0 ESR (64bit), TB 60.3.1 (32-bit) ║ Android 8.0/7.1.1: FF Mobile 63.0.2 No TB for Android available, dammit!
What a fool believes he sees, no wise man has the power to reason away - Doobie Brothers

tanstaafl
Moderator

User avatar
 
Posts: 44614
Joined: July 30th, 2003, 5:06 pm

Post Posted July 16th, 2018, 2:23 pm

cert_override.txt is used to store security exceptions and (supposedly) intermediate certificates. https://support.mozilla.org/en-US/questions/1150335 describes a problem with a disappearing certificate with Firefox that was solved by deleting that file. Try deleting it in your Thunderbird profile. Firefox and Thunderbird both use a Mozilla toolkit, so certain components are very similar with both applications.

Mourvedre
 
Posts: 7
Joined: July 5th, 2018, 6:55 am

Post Posted July 17th, 2018, 1:47 am

@tanstaafl: Thanks for your search, but I didn't see any cert_override.txt!

@makaiguy: I "locked" cert8.db and key3.db, closed TB and restarted it. And... it worked! My certs are still there and usable.
While this good idea doesn't explains why this happens, I think it might be a track to help experts explain the whole thing...

Thank you!

Return to Thunderbird Support


Who is online

Users browsing this forum: No registered users and 8 guests