[Muscle] Cannot use certificates from token!

Andreas Semt muscle@lists.musclecard.com
Wed, 27 Nov 2002 03:25:35 +0100


Andreas Semt wrote:
> Hello,
> 
> 
> I have done all the steps described in the "MuscleCard HOWTO
> Chapter 5 - Mozilla" by Ludovic Rousseau. With Mozilla 1.0.1 I requested
> a free (e-mail X.509) certificate from Thawte. With muscleTool I can see
> a lot of objects generated by Thawte on the muscle card. However, when I
> use Mozilla -> Preferences ... -> Privacy & Security -> Certificates
> -> Manage Certificates (then I have to give the PIN for the Muscle
> Token) to view the certificates, the Mozilla Certificate Manager shows
> no certificates at all! What does this mean?
> What do the object names on the muscle card mean (for example c0,
> c1, C0, C1, ...)? What relationship do the objects (c0 <-> C0 or c0
> <-> c1, ...) on the token have to each other?
> Can I view the content of the objects from the muscle card? For that I
> have to export them and use openssl to get the object's content, right?
> Can anybody send me the openssl syntax for this specific command?
> 
> A LOT OF THANKS FOR HELP!
> 
> 

OK, I will answer myself:

Fine, now I understand ... I have to use the Mozilla Certificate Manager
to import the certificate from Thawte onto the card AFTER exporting it (and
deleting it from the Security Device).
Here are the steps (if anybody has the same problems ;-)

1. Go (for example) to Thawte (http://www.thawte.com/) to get a free
e-mail certificate.
2. Fill out the registration forms (a lot of them!) and wait for an e-mail
from Thawte.
3. Follow the instructions in the e-mail and open your Thawte account.
Then request your free X.509 certificate FOR YOUR BROWSER (i.e. the
Mozilla Security Device), because when I tried to get the certificates
for the muscle token, the Mozilla Certificate Manager could not use/see
these certificates on the muscle card (perhaps this is a special
problem in my case, who knows ;-)
4. Then you get two e-mails from Thawte. Follow the links in the mails
to install the certificate FOR YOUR BROWSER.
5. Back up (that is, export) the certificate in the Mozilla Certificate
Manager. Then delete the certificate from the Mozilla Security Device.
6. Import the backed-up certificate in the Mozilla Certificate Manager.
Choose the Muscle token for import!
7. Set the security stuff in the e-mail client of Mozilla.
8. Now try to send yourself (*for test purposes*) a signed (or encrypted
or signed and encrypted ...) e-mail.
9. Recognize that this is impossible, because the FREE Thawte
certificate is issued to "Thawte Freemail Member" (of course with the
e-mail address from your certificate request)! The problem is (only in
my case?) that you can only send a signed e-mail when you have the
certificate from the recipient (-> the "Thawte Freemail Member", but
your e-mail address) and from the sender (your e-mail address). I have
only the certificate for "Thawte Freemail Member" (which has "my" mail
address), but I have NO certificate for the recipient (me, also my mail
address -> the certificate is issued to the name "Thawte Freemail
Member", not to _my_ name AND my mail address)! That is funny, isn't it?

Can anybody say whether I am (again) having some problems getting the point,
or is that the FREE in the "get your FREE personal email certificate" from the
Thawte homepage?

Greetings,

-- 
Andreas Semt (Andreas.Semt@gmx.net)