CAcert private key not importable


I created a CAcert certificate with SOME email-adresses (not only one email-address!)

The public key can be imported in Kleopatra, but not the private key.

What have I to do?

error message during import is “object not valid”

Just did that on Monday :slight_smile:
And I also was confused how to do this. As CACert only offered a download of the public key (in pem or der format) or to “Install it in your browser”

So what I did was:

  • With firefox I clicked on the “Install in your browser” link on the page that was linked in the “Your certificate” mail.
    → Resulted in success.
  • In firefox → Settings → Privacy and security → View Certificates → Your Certificates
    → There was the CAcert WoT User Certificate with my email.
  • Selected it and hit “Backup”
    → This allowed me to export it in a proper pkcs12 container with password. I could then import that same container with the same password in Kleopatra.

As a sidenote, it took around an hour to explicitly verify the certificate (open certificate details) because of the CRL badness of CACert. And on Windows it only worked after todays fix (which we will release next week) for our own CRL badness :wink: .

Hi, this works for certificates with only ONE email-account.

Please try it with ONE certificate and MANY email-accounts within this certificate. Then I think you will fail like me.