Reading Previously Encrypted Emails
Lisa D. Mitchell
certificate, they were no longer able to read previously encrypted
emails? If so, how did you fix it (if at all)? I'm using CMS 4.1 for
certificate renewal; the user platforms are Windows 95, 98, and
Macintosh. I've verified that the keypair for the old and renewed
certificates are both present under Certificates>Yours.
I've also noticed that, in some instances, I can't send encrypted email
to myself unless my certificate also appears under Certificates>People;
has anyone else seen that?
Thanks,
Lisa
Nelson B. Bolyard
You should not generally see a certificate under both "yours" and "people".
If a cert appears under "people", this is generally a sign that the browser
cannot find the private key for this cert in your key DB.
It is possible, if you have two certs with identical subject names but
different public keys, for the key database to hold the private key that
corresponds to one of those certs, but not the other one. SO you have two
certs, one of which is "yours" (because you have the private key for it)
and one of which is "people" (because you don't have the private key for it).
It is also possible that your cert/key databases have become corrupted.
Here are some suggestions:
1. attempt to "export" all your cert/key pairs, both current and past, one
at a time, into PKCS#12 (.p12) files. (I'm guessing you know how to do that.)
If you find you cannot export a cert, it may be that the private key is absent.
2. Exit the browser. Make sure it's not running any more.
3. rename your cert7.db and key3.db files to cert7.old and key3.old.
4. restart your browser. It will create new cert and key db files.
5. create a password for your key db file.
6. "import" all those cert/key pairs from those PKCS#12 files you created
in step 1.
Now, everything should be like new.
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape