Package: sso.debian.org Severity: normal With chromium from Debian buster (80.0.3987.162-1~deb10u1):
when I generate a new key as per the instructions on via manual CSR (https://sso.debian.org/debian/certs/enroll_csr/), paste it in that CSR window and press "Get certificate" then the page will generate a certificate and the browser will download it. When I click on the certificate on the bottom of the browser then it gets displayed, but "Import" is greyed out (I'm not sure whether the program displaying the certificate is the browser or an external certificate viewer). So I go to "Settings" in the browser -> Manage Certificates -> Import, I select the (per instructions) generated pkcs#12 certificate package and the browser tells me Certificate Import Error Unknown error In the terminal where I started the browser I see: 8192:8192:0609/225554.410920:ERROR:nsPKCS12Blob.cpp(255)] PKCS#12 import failed with error -8099 Googling that reveals: https://bugs.chromium.org/p/chromium/issues/detail?id=583784 which is closed for some reason and refers to https://bugs.chromium.org/p/chromium/issues/detail?id=900458 So it seems like the problem is that the generated certificate is EC based (?) which is not supported by Chromium? (Not sure there, since displaying the p12 file with openssl doesn't say anything about EC AFAIC see). Thanks, *t -- System Information: Debian Release: 10.4 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-9-amd64 (SMP w/8 CPU cores) Locale: LANG=de_CH.utf8, LC_CTYPE=de_CH.utf8 (charmap=UTF-8), LANGUAGE=de_CH:de (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
