I'm using a Verisign certificate purchased for my IE
plugin and imported into Firefox (following directions from Verisign tech
support). I thought I had finally succeeded in signing my xpi file but when
Was it a "Netscape code signing" cert? A MS Authenticode cert will not work.
It's quite possible I've mucked something up in the code signing process but
I believe I've run into bug 321156,
https://bugzilla.mozilla.org/show_bug.cgi?id=321156, which seems to be about
Mozilla not recognizing certain kinds of certificates in a certificate
chain, even though the intermediate certificates are in the .rsa file in the
signed xpi file.
You can test whether this is the cause by manually installing the
intermediate certs locally and see if the problem goes away (for you,
only). If it doesn't go away you've got another problem. If it does then
you've got to get your cert re-issued by an intermediate with the right
The recommended workaround is:
All of those come down to "get another cert", they aren't things you can
do yourself. Verisign should be able to reissue a working cert though.
I've gotten working code-signing certs from them, and this 321156 bug is
not describing a new bug despite the more recent number. Maybe it was
filed recently because Verisign recently changed how they issue their certs?