Peter Djalaliev wrote: > Hello, > > Is there another way to import certificates into Firefox's certificate > database except importing them in PKCS#12 format through the GUI (Edit > > Preferences > ...)?
uh, tools->options->Advanced(tab)->View Certificates(button) takes you to the "Certificate Manager" window. There's an import button in each tab in that window. In the "Your Certificates" tab, it only wants to import PKCS12 files, but the other tabs will import ordinary certs (e.g. binary DER cert or Base64 encoded, like PEM). > I am working with trusted computing and I want to import an Attestation > Identity Key (AIK) certificate, which was generated from a > public/private key pair generated inside a TPM security chip. However, > the private key usually never leaves the TPM, so I can't use it to > convert the certificate to PKCS#12. I gather that you want the cert to show up in "Your Certificates", at least when your TPM chip is on-line. Try importing it in the "Other People's certs" tab, while the TPM device is not on-line (not in the slot, or (at least) not logged in). Then, when you plugin+logon to the TPM, that cert may show up in "Your Certificates". > Is there a NSS certificate database that Firefox uses that I can import > the certificate into, using certutil? Yes, I think certutil can do what you want. But try it with FF GUI some more first, please, and let us know what you experience. BTW, will the TPM chip allow you to import x.509 certs onto it? > Regards, > Peter _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
