Importing certificate fails
-
Hi. I'm new to Vivaldi, and trying to set up the mail client. I am the administrator of the mailserver, running postfix/dovecot for smtps/imaps
The server runs on self signed certificates, so I'm guessing the reason why the mail client does not connect is that the certificate has to be imported to the client.
I've found chrome://settings/certificates to be the place to import certificates, but the import fails with the error:The private key for this client certificate is missing or invalid
The same message is shown either I try to import the smtps/imaps certificate, or the CA certificate that signed to server cert.
I tried to save a file with the same name, with a .key extention that contains the key - no change
Then I tried to append the key into the certificate file - no change
Then I tried to import the key file - got the error “invalid certificate”I’ve removed the password from the keyfile - no change
Where is Vivaldi expecting to find the key?
-
@marlinus the
Your certificates
is to register client certificates, authenticating a client to a server.From your description, you want to add the (public) CA or peer/server certificate to be accepted by the client.
These should not have (or require) a (private) key. -
@marlinus Vivaldi as other Chromium related browsers uses a own certificate store which can be managed by program
certutil
of nsstools package.
See https://www.linux.org/docs/man1/certutil.htmlIf you use a own CA certificate:
If you want to add a CA certificate, you have to run certutil from package libnss3-tools.
Open a shell and run this command line:
certutil -d sql:$HOME/.pki/nssdb -A -t "CT,C,c" -n "Name of CA certificate" -i filename.pem
where filename.pem is the file name of the CA certificate and Name of CA certificate a name to identify the certificate.
Source: https://labs.gwendragon.de/blog/Web/Browser/Vivaldi/linux-add-ca-certificate-to-vivaldi-2
If you have only a self-created cert without signed by own CA:
Import of a self-signed certificate with certutil:
certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "Hostname or Name of Device" -i certificate-to-be-imported.crt
Source: https://labs.gwendragon.de/blog/Web/Browser/Vivaldi/vivaldi-linux-zertifikat-importieren?page=1#cid1721898711.60355 (comment in english)
-
@marlinus Welcome in our Vivaldi Community
Some useful links for you:
- Help on Vivaldi Mail (mail client for use with calendars, feeds, mails)
- Help on Vivaldi Calendar (the part of Vivaldi Mail client)
- User Reputation to use Vivaldi mail account
Do not hesitate to ask, we are a community to help users.
Enjoy browsing with Vivaldi.
-
Thank you. I finally got it working. Turns out I needed both the CA and the server cert imported. And they both had to be in the .pem format.
The commands that ended up working was:
certutil -d sql:$HOME/.pki/nssdb -A -t "C,C,c" -n "CA mydomain.net" -i CAcert.pem
(without the uppercase T used by @DoctorG )certutil -d sql:$HOME/.pki/nssdb -A -t "P,P," -n "mail.mydomain.net" -i mail.mydomain.net.pem
(added an extra uppercase P)Now it's logged in, and I'm looking forward to get to familiar with Vivaldi mail client.
-
@marlinus Oh, yes. My examples were for web server, not for email or object signing.
My little fault