I created an S/MIME certificate using the CASTLE ACME e-mail server and added their root certificate to Evolution. When I tried to import my own new S/MIME certificate (which supports both encryption and signing), Evolution asked for the password, just as expected. However, it did not accept it and continued asking for the password over and over again.
For reference, I imported the certificate by clicking on the “Import” button under Edit > Preferences > Certificates > Your certificates. I tried it with 0000_cert.pfx, ca.pem, cert.pem and chain.pem, i.e. all certificate files generated by CASTLE.
Did I do anything wrong?
Note that I also had previously imported another S/MIME certificate for a different e-mail account, which I’ve successfully used for encryption and signing numerous times already in Evolution. Also, importing my new certificate into Thunderbird and using it for signing/encrypting e-mails worked fine.
Evolution version: 3.44.4-0ubuntu2
OS: Zorin OS 17.1 Core
Kernel: Linux dell-zorin 6.5.0-26-generic #26~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Tue Mar 12 10:22:43 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
Hi,
what does the password prompt look like, please? Especially what
password does it ask for?
When you try to write anything to the certificate database, you are
asked for the password of the database. Only after that you are asked
for the password of the certificate (I’d use the .pfx format). The
database password had been chosen the first time you tried to write
anything to it.
There had been done some fixes in accepting certain letters in the
password too. I do not recall when exactly it had been done, for which
version, though the 3.44.4 is ancient, released on 2022-08-05. Maybe
use only ASCII letters and numbers for the file. When you run Evolution
from a terminal it might show some debugging information there.
Bye,
Milan
It does not ask for the certificate database’s password or for any other password. Also, I don’t remember having ever set a password for the certificate database at all.
Maybe use only ASCII letters and numbers for the file.
I changed the password to 64 alphanumeric characters (A-Z, a-z, 0-9) following this guide, but that didn’t help.
Here’s the terminal output:
pixelcode@dell-zorin:~/Applications/acme_email_new/live$ evolution
** (evolution:93503): WARNING **: 16:52:40.729: WEBKIT_FORCE_SANDBOX no longer allows disabling the sandbox. Use WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 instead.
importing pkcs12 from '/home/pixelcode/Applications/acme_email_new/live/pixelcode@dismail.de_cert.pfx'
PKCS12: NSS error: -8187 (security library: invalid arguments.)
PKCS12: NSS error: -8187 (security library: invalid arguments.)
PKCS12: NSS error: -8187 (security library: invalid arguments.)
PKCS12: User cancelled operation
importing pkcs12 from '/home/pixelcode/Applications/acme_email_new/live/pixelcode@dismail.de_cert.pfx'
PKCS12: User cancelled operation
(evolution:93503): GLib-GIO-WARNING **: 16:58:45.492: Your application did not unregister from D-Bus before destruction. Consider using g_application_run().
(evolution:93503): evolution-util-WARNING **: 16:58:45.521: Failed to call 'Evo.AddRuleIntoStyleSheet("*","-e-web-view-style-sheet","body, div, p, td","unicode-bidi: plaintext;")' function: WebKitJavascriptError:601: Unsupported result type
pixelcode@dell-zorin:~/Applications/acme_email_new/live$
Right, that’s the latest version in Zorin’s APT repo. I manually installed version 3.52.0 from Flathub, and now importing the certificate works fine. Thank you!
Hi, the password prompt just says “Enter the password for the PKCS12
file”:
Hi,
I see, then it’s a good prompt.
It does not ask for the certificate database’s password or for any
other password.
I see.
Also, I don’t remember having ever set a password for the certificate
database at all.
Weird, but it can be saved in the keyring or such. I do not recall
precisely, I’m sorry.
Maybe use only ASCII letters and numbers for the file.
I changed the password to 64 alphanumeric characters (A-Z, a-z, 0-9)
following this guide, but that didn’t help.
…
PKCS12: NSS error: -8187 (security library: invalid arguments.)
That’s an odd error, looks like something in NSS itself. Especially
when you used an ASCII password.
I manually installed version 3.52.0 from Flathub, and now importing
the certificate works fine.
Nice. Thank you for trying the latest code. The Flatpak NSS and
the in-host NSS versions might possibly differ. In any case, good you
made it work and chose a more recent Evolution.
