Firefox: certificate can’t be installed

  • I would like to run an https C++ server from this source code.

    I have followed up this website to generate the certificate:

    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr
    cp server.key server.key.org
    openssl rsa -in server.key.org -out server.key
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
    

    which led to creation of four files:

    server.crt
    server.csr
    server.key
    server.key.org
    

    Then, in my firefox browser, I go to preferences/advanced:

    about:preferences#advanced
    

    Then view certificate, your certificates, import.

    import certificate

    enter image description here

    But at the end, I face with an error and nothing happens:

    This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.

    error

    All necessary file including server.key are there.

    What is the problem?

    What should I do?

    It does not matter if the key is "there" - you did not offer it together with the certificate so the browser knows nothing about it. Just cat *.crt and *.key together into one file and import this: `cat server.crt server.key > cert_and_key.pem`. Or just add the key to the certificate, i.e. `cat server.key >> server.crt`.

    @SteffenUllrich, I still get the same error when importing `cert_and_key.pem`: `This personal certificate can’t be installed because you do not own the corresponding private key which was created when the certificate was requested.`

    That certificate is supposed to authenticate the server, it's not supposed to authenticate you. You need to import it in server, not your certificates.

    @user2313067, The server tab has no import button. It only has `add exception` button.

    Are you trying to add a server certificate as a client certificate?

    @BaconBrad, I have tried `authorities` tab as well. It does import the certificate but makes no effect. Firefox still gives warnings.

  • It looks like that Firefox (and Chrome too) can only import key and cert together if they are inside a PKCS#12 file but not when they are in a PEM format. To create such a file from the created certificates:

    openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12
    

    Then import the server.p12 file in Firefox.

    Thanks a lot. It stores the password successfully but the connection is not secure: screenshot

    @ar2015: The certificate was successfully imported. What you ask now is a different question and should not be asked as a comment. But I recommend that you look at the "Advanced" information offered. If these don't help you and you cannot find anything useful based on the information in Advanced please ask a new question and include the details from Advanced and the contents of your certificate.

License under CC-BY-SA with attribution


Content dated before 7/24/2021 11:53 AM

Tags used