Personal certificates not found - listed under Others

[Argus]

Fx 3.6.13 (the subject line was a bit short).

I have posted this question over at Mozilla Support. Don't know why, since I don't expect a reply over there. As I have mentioned earlier, you can almost see in real-time how your post moves under the fold. After some 20 hours it's now on page 12 (and their novel UI doesn't help). Enough about them.

Yes, certificates; this one is really odd!

When I tried to access a site using my personal certificate, that worked some weeks ago, I got the reply that it didn't look like I had any certificate.

When I examined the certificates in the Certificate Manager, the "Your certificates" tab was empty! However, I found all my certificates on the "Others" tab. Still OK, could be verified since the other certificates (such as the Issuer's) are still there. But to no use, since I can't export them in a format that I can import under "Your certificates".

What in the name of the Lord could cause this to go on inside the internal Software Security Device; in that little file?

Could it be some corruption created by other software? A setting somewhere?

[Argus]

or should that be I knew it! I had a hunch about what was going on, although, as usual, there can be several days or more between cause and effect ...

After I had solved my immediate problem (having lost certificates), I can now, with a new certificate, replicate what I described above (as usual I have to solve my own problems as well as others ).

It was a user error in combination with some other software.

I had a master password; and among other things this protects the certificates in the built in Software Security Device, thus you have to enter the master password (log in to the Software Security Device) the first time you want to use a certificate during a session. Usually one set this at Tools > Options > Security tab > Use a master password. But it can also be changed in the Software Security Device on the Advanced tab.

Apart from that I don't save passwords in Fx. This can explain why I made a not so wise choice earlier.

I sometimes use Ccleaner, and I have changed its default settings, as most of us; in my case I have removed most of the check marks. So for Fx, on the Application tab, I have had it set to remove cache, cookies and session; that's all. I usually save history to jog my memory when searching etc.

Some days ago I ran Ccleaner but added two check marks; Saved Form Information and Saved Passwords. The last one, when checked, shows a prompt that you will lose saved passwords; that’s all.

As I mentioned above, I don't save passwords for sites in Fx, so I didn't think further and ran Ccleaner with the added check marks. I didn't expect it to reset the master password (i.e. remove it), but that is what it did. Of course, since I don't save other things, there was no call for this, to run it with those settings, but you know, curiosity ... Also against my usual principle to not run third-party software on critical data or settings when there are built-in tools. And I could not believe that it would reset the master password. Ccleaner does remove the database file key3.db, and it's recreated by Fx.

If you don't use or have a master password Fx will just prompt you for the certificate (or pick one depending on the settings under Advanced).

But if you have added a master password, and this is reset, you would not have to log in to the Software Security Device to use a certificate. And since this can be used to gain access to the certificates, I can only assume that this is the reason why the personal certificates are moved from the "Your certificates" tab to the "Others" tab, and no longer work.

If one remove a master password via the Security tab, one will be prompted for the master password, before setting Fx to not use it. But resetting is a completely different thing; the most obvious case is if one has forgotten the password.

The old way was/is typing: chrome://pippki/content/resetpassword.xul at the address bar.

That would generate a prompt:

If you reset your master password, all your stored web and e-mail passwords, form data, personal certificates, and private keys will be forgotten. Are you sure you want to reset your master password?

See for example: https://support.mozilla.com/en-US/kb/Fo ... 20password" onclick="window.open(this.href);return false;

Pretty obvious, clear and comprehensible. But you don't get anything of that if you use Ccleaner; the prompt only talks about passwords in a general sense. They haven't even updated the help information for the Applications tab, I think. They mention "Saved Form Information", but I think they added "Saved passwords" in a later version. There was some discussion about that at their forum some 9 months ago; http://forum.piriform.com/index.php?showtopic=27815" onclick="window.open(this.href);return false;

To remove site passwords, if those are protected with a master password, it would also have to reset the master password, I assume. So there is some consistency; but I didn't colligate the two. I probably have read something about resetting the master password years ago, so that wasn't new info, but when done out of context ... Ah well.

Case closed, next case.