If you keep the individual CA certs as PEM files in a distinct
location, as part of the login process, you can use a script to
check for the presence of these CA certs in the cert-store and
then add them as appropriate.
Using two files, I remove third-party CAs from internal server
applications using client-auth:
File cacerts has a list of all CA names
---------------------------------------
ABAecom (sub., Am. Bankers Assn.) Root CA
Access America by DST
...
Verisign Class 4 Public Primary Certification Authority - G2
Verisign Class 4 Public Primary Certification Authority - G3
Verisign/RSA Commercial CA
Verisign/RSA Secure Server CA
File rmcerts removes them (written for Linux/UNIX)
--------------------------------------------------
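#!/bin/ksh
#
# First parameter is the directory where cert7.db file exists
# Second parameter is the file that has list of certs to remove
if [ $# -ne 2 ]; then
    echo "Usage: $0 <cert7.db directory> <file with list of certs to remove>"
    exit 1
fi
# Open the list of certificate names on file descriptor 3
exec 3< "$2"
# Read one name per line into REPLY (-r keeps backslashes literal)
while read -r -u3
do
    # Report a deletion only when certutil actually succeeded
    if certutil -D -d "$1" -n "$REPLY"; then
        print -r "Deleted $REPLY"
    else
        print -r "Could not delete $REPLY" >&2
    fi
done
# List what is left in the certificate database
certutil -L -d "$1"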
Hope this helps.
Arshad Noor
StrongAuth, Inc.
[EMAIL PROTECTED] wrote:
My question is how can I make an assigned set of CA certs be available
for any user that logs into the client. If I export these from IE,
then import them into Mozilla. I want them added so that the first
time a user logs into the system, they are present. This is a
classified system, so the certs are classified. Thanks, Mac
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
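The login-time check suggested at the top of this message (keep the CA certs as PEM files, test for each one in the cert-store, add the missing ones), as an added example that is not part of the original post. It assumes each certificate's nickname is its PEM file name without ".pem" and that "C,," is the trust setting wanted; both are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: make sure every CA cert kept as a PEM file is present in
# the NSS cert database, adding the ones that are missing.
# Assumptions: nickname = PEM file name without ".pem";
#              trust flags default to "C,," (override with CA_TRUST).

CA_TRUST="${CA_TRUST:-C,,}"

# Succeeds when a cert with this nickname is already in the database.
# usage: cert_present <db dir> <nickname>
cert_present() {
    certutil -L -d "$1" -n "$2" >/dev/null 2>&1
}

# Adds each missing CA cert, prints one line per PEM file and
# returns the number of certs that could not be added.
# usage: sync_ca_certs <db dir> <pem dir>
sync_ca_certs() {
    db=$1 pemdir=$2 failed=0
    for pem in "$pemdir"/*.pem; do
        [ -f "$pem" ] || continue        # empty directory: glob stays literal
        nick=$(basename "$pem" .pem)
        if cert_present "$db" "$nick"; then
            echo "present: $nick"
        elif certutil -A -d "$db" -n "$nick" -t "$CA_TRUST" -a -i "$pem"; then
            echo "added:   $nick"
        else
            echo "FAILED:  $nick" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# From a login script: sync-ca-certs.sh <db dir> <pem dir>
if [ $# -eq 2 ]; then
    sync_ca_certs "$1" "$2"
fi
```

Because certs already present are skipped, the script can run at every login without changing a database that is already complete.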