Bug 825558 - Won't import X.509 certificate: "Import failed: The field is read-only."
Won't import X.509 certificate: "Import failed: The field is read-only."
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: seahorse (Show other bugs)
17
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Matthias Clasen
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-05-27 15:21 EDT by James
Modified: 2013-07-02 08:38 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-02 08:38:55 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description James 2012-05-27 15:21:51 EDT
Description of problem:
Attempting to import an X.509 certificate either by double-clicking on in Nautilus, or via Seahorse's "Import" function, fails with the message "Import failed: The field is read-only."

Version-Release number of selected component (if applicable):
seahorse-3.4.1-1.fc17.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Make or obtain an X.509 certificate, PEM format.
2. Double-click its icon in Nautilus.
3. Click Import. Click OK to accept the default label.
4. Error message appears. Certificate not imported.
  
Actual results:
Certificate importated into my personal store.
Comment 1 Juan Francisco Fernández 2012-05-28 06:00:42 EDT
Same problem here. I have tried pcks12 certificate with the same result. 

Is there any way/workaround to import a cert on gnome 3.4 now?

Greets!
Comment 2 Rob K 2012-06-27 23:06:04 EDT
Same issue here! All a bit nonintuitive.
Comment 3 Stef Walter 2012-06-29 08:19:28 EDT
We haven't yet completed the work on unifying all the certificate stores on the Desktop. But thanks for reporting this bug.

Could you hover over the Import button and note the tooltip that appears here?

Or you could:

G_MESSAGES_DEBUG="Gcr" GCR_DEBUG="all" gcr-viewer /path/to/pkcs12.file

And then paste the output into this bug.
Comment 4 Juan Francisco Fernández 2012-07-02 03:49:47 EDT
The tooltip says: "Import to: User Key Storage". And this is the output of G_MESSAGES_DEBUG="Gcr" GCR_DEBUG="all" gcr-viewer /path/to/pkcs12.file. Thanks!

(gcr-viewer:2638): Gcr-DEBUG: gcr_pkcs11_initialize_async: starting initialize of registered modules
(gcr-viewer:2638): Gcr-DEBUG: on_initialize_registered: completed initialize of registered modules
(gcr-viewer:2638): Gcr-DEBUG: _gcr_initialize_library: initialized library
(gcr-viewer:2638): Gcr-DEBUG: _gcr_initialize_library: initialized library
(gcr-viewer:2638): Gcr-DEBUG: _gcr_initialize_library: initialized library
(gcr-viewer:2638): Gcr-DEBUG: gcr_importer_create_for_parsed: looking for importer for: (6) [ { CKA_CLASS = CKO_CERTIFICATE }, { CKA_CERTIFICATE_TYPE = CKC_X_509 }, { CKA_VALUE =  (765) NOT-PRINTED }, { CKA_SUBJECT =  (56) "061\x0b0\t\x06\x03U\x04\x06\x13\x02ES1\r0\x0b\x06\x03U\x04\n\x13\x04FNMT1\x180\x16\x06\x03U\x04\x0b\x13\x0fFNMT Clase 2 CA" }, { CKA_ISSUER =  (56) "061\x0b0\t\x06\x03U\x04\x06\x13\x02ES1\r0\x0b\x06\x03U\x04\n\x13\x04FNMT1\x180\x16\x06\x03U\x04\x0b\x13\x0fFNMT Clase 2 CA" }, { CKA_SERIAL_NUMBER =  (4) "6\xf1\x1b\x19" } ]
(gcr-viewer:2638): Gcr-DEBUG: gcr_importer_create_for_parsed: importer matched: (2) [ { CKA_CLASS = CKO_CERTIFICATE }, { CKA_CERTIFICATE_TYPE = CKC_X_509 } ]
(gcr-viewer:2638): Gcr-DEBUG: is_slot_importable: token is not importable: SSH Keys: write protected
(gcr-viewer:2638): Gcr-DEBUG: is_slot_importable: token is not importable: Root CA Certificates: write protected
(gcr-viewer:2638): Gcr-DEBUG: is_slot_importable: token is not importable: Secret Store: on the black list
(gcr-viewer:2638): Gcr-DEBUG: is_slot_importable: token is not importable: Gnome2 Key Storage: on the black list
(gcr-viewer:2638): Gcr-DEBUG: _gcr_pkcs11_importer_create_for_parsed: creating importer for token: User Key Storage
(gcr-viewer:2638): Gcr-DEBUG: gcr_importer_create_for_parsed: importer didn't match: (1) [ { CKA_CLASS = CKO_PRIVATE_KEY } ]
(gcr-viewer:2638): Gcr-DEBUG: gcr_importer_create_for_parsed: importer didn't match: (1) [ { CKA_CLASS = 0xC7435200 } ]
couldn't lock 16384 bytes of memory (attributes): No se pudo asignar memoria
Comment 5 Christian Stadelmann 2013-02-08 04:58:19 EST
Bug still present, any chance to fix it?

My output for this command:
G_MESSAGES_DEBUG="Gcr" GCR_DEBUG="all" gcr-viewer ./root.der

(gcr-viewer:28026): Gtk-WARNING **: Theme parsing error: gtk-widgets.css:57:14: Theming engine 'unico' not found
(gcr-viewer:28026): Gcr-DEBUG: gcr_pkcs11_initialize_async: starting initialize of registered modules
(gcr-viewer:28026): Gcr-DEBUG: on_initialize_registered: completed initialize of registered modules
(gcr-viewer:28026): Gcr-DEBUG: _gcr_initialize_library: initialized library
(gcr-viewer:28026): Gcr-DEBUG: _gcr_initialize_library: initialized library
(gcr-viewer:28026): Gcr-DEBUG: _gcr_initialize_library: initialized library
(gcr-viewer:28026): Gcr-DEBUG: gcr_importer_create_for_parsed: looking for importer for: (6) [ { CKA_CLASS = CKO_CERTIFICATE }, { CKA_CERTIFICATE_TYPE = CKC_X_509 }, { CKA_VALUE =  (1857) NOT-PRINTED }, { CKA_SUBJECT =  (123) "0y1\x100\x0e\x06\x03U\x04\n\x13\x07Root CA1\x1e0\x1c\x06\x03U\x04\x0b\x13\x15http://www.cacert.org1"0 \x06\x03U\x04\x03\x13\x19CA Cert Signing Authority1!0\x1f\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x12support@cacert.org" }, { CKA_ISSUER =  (123) "0y1\x100\x0e\x06\x03U\x04\n\x13\x07Root CA1\x1e0\x1c\x06\x03U\x04\x0b\x13\x15http://www.cacert.org1"0 \x06\x03U\x04\x03\x13\x19CA Cert Signing Authority1!0\x1f\x06\t*\x86H\x86\xf7\r\x01\t\x01\x16\x12support@cacert.org" }, { CKA_SERIAL_NUMBER =  (1) "\x00" } ]
(gcr-viewer:28026): Gcr-DEBUG: gcr_importer_create_for_parsed: importer matched: (2) [ { CKA_CLASS = CKO_CERTIFICATE }, { CKA_CERTIFICATE_TYPE = CKC_X_509 } ]
(gcr-viewer:28026): Gcr-DEBUG: is_slot_importable: token is not importable: SSH Keys: write protected
(gcr-viewer:28026): Gcr-DEBUG: is_slot_importable: token is not importable: Root CA Certificates: write protected
(gcr-viewer:28026): Gcr-DEBUG: is_slot_importable: token is not importable: Secret Store: on the black list
(gcr-viewer:28026): Gcr-DEBUG: is_slot_importable: token is not importable: Gnome2 Key Storage: on the black list
(gcr-viewer:28026): Gcr-DEBUG: _gcr_pkcs11_importer_create_for_parsed: creating importer for token: User Key Storage
(gcr-viewer:28026): Gcr-DEBUG: gcr_importer_create_for_parsed: importer didn't match: (1) [ { CKA_CLASS = CKO_PRIVATE_KEY } ]
(gcr-viewer:28026): Gcr-DEBUG: gcr_importer_create_for_parsed: importer didn't match: (1) [ { CKA_CLASS = 0xC7435200 } ]

It even does not import the cacert.org certificates which is really annoying since you can't use some services without.
Comment 6 Fedora Admin XMLRPC Client 2013-05-08 20:23:54 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 7 Christian Stadelmann 2013-07-01 19:13:10 EDT
Works fine for me now in Fedora 18 and Fedora 19. I think this bug can be closed.
Comment 8 Stef Walter 2013-07-02 08:38:55 EDT
Thanks for testing and verifying.

Note You need to log in before you can comment on or make changes to this bug.