Jehan, I was able to get our certificate installed for all users by using Mozilla's Client Customization Kit (CCK - http://www.mozilla.org/projects/cck/firefox/). I installed an older version of Firefox - 2.0.0.14 I think - then installed the kit. I make a lot of customizations to the regular installer, and the CCK can do most of them, but the only thing I used it for was the root certificate (there's a page in the customization wizard for that). You don't need the actual certificate - what I did was install our rootcert.crt file in Firefox first by opening the file from a link and selecting all three check boxes. Then I had to export it from the certificate manager in Tools | Options so that it exported just the fingerprint. That's the file that the CCK needs. The extension will work in version 3 but you'll have to edit it first. Just change the maximum version of the install.rdf file (open the .xpi in 7-zip and edit the .rdf directly) to 3.* and youll be fine. I've tested that extension in 3.0.0 and 3.0.1 on both PCs and Macs, and they work as advertised. Once the extension works to your liking, move the extension folder from your profile (C:\Docs and Settings\username\Application Data\Mozilla\Firefox\profiles\something\extensions\) to C:\Program Files\Mozilla Firefox\extensions so it'll be active for all users. If you want to have it there as part of the installation process you can put the entire extension folder in the nonlocalized\extensions folder of the install package.
Let me know if you need any other help. On Fri, Jul 18, 2008 at 3:58 AM, jehan procaccia <[EMAIL PROTECTED]> wrote: > indeed, in the thread youm mentioned below, "tmountjr" seems to have the > same needs as mine -> pushing a cert8.db containing our own CA to users, > but although he "succeeded", I'm sorry , but I did not understand clearly > how it could be done, tmountjr further details greatly appreciated ... > > However, I'am surprise there's no easy way to tell Firefox in a preference > (pref.js ?) to look for cert8.db in a common place for everyone logging to > the station (these are shared stations for hundreds of students ) . With the > new security scheme of FF3, I supose most institution, university etc .. > need to push their own CA in FF3, how others did ? > > Thanks for further help . > > David Stutzman a écrit : > >> You may find this recent thread informative: >> http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thr >> ead/5885eb5986864447 >> >> Dave >> >> >> >>> -----Original Message----- >>> From: [EMAIL PROTECTED]: >>> dev-tech-crypto-bounces+dstutzman <dev-tech-crypto-bounces%2Bdstutzman>= >>> [EMAIL PROTECTED] >>> >>> >> la.org] On Behalf Of jehan procaccia >> >> >>> Sent: Wednesday, July 16, 2008 12:10 PM >>> To: dev-tech-crypto@lists.mozilla.org >>> Subject: distribute our CA to users >>> >>> hello, >>> >>> I found from >>> http://www.mozilla.org/projects/security/pki/nss/tools/certuti >>> l.html how to import our CA (Internal PKI) in firefox3. >>> Now I want to distribute cert8.db and key3.db to all new users and also >>> to current users who already have a profile. >>> How can I do that ? >>> When a user first start firefox , a profile is create in it's >>> ~/.mozilla/firefox/y9f0c08g.default, then cert8.db, key3.db and secmod.db >>> are pushed there, but where is the source of these files so that I can >>> modify them before they are pushed ? I did notices in linux /etc/pki/nssdb, >>> put after changed them , they were not those one pushed on a new user >>> mozilla profile :-( >>> How will I do for current users who already have a profile ? >>> >>> Better solution will be to set this with autoconfig ( >>> http://developer.mozilla.org/en/docs/MCD,_Mission_Control_Des >>> >>> >> ktop_AKA_AutoConfig) >> >>> If there is a preference (pref.js) directive that set the path to >>> cert8.db, I would point it to a central cert8.db on the shared stations ! >>> But from http://preferential.mozdev.org/preferences.html I've only seen >>> that preference "security.default_personal_cert" and it doesn't seem to be >>> the correct one :-( . >>> >>> any help will be greatly appreciated . >>> Thanks. >>> >>> PS: I will also have to do that on windows ... >>> I wrote (In french) a doc on how i've imported our CA in cert8.db : >>> http://www-public.it-sudparis.eu/~procacci/wiki/bin/view/Docum<http://www-public.it-sudparis.eu/%7Eprocacci/wiki/bin/view/Docum> >>> >>> >> entations/MozillaCertutils >> >>> _______________________________________________ >>> dev-tech-crypto mailing list >>> dev-tech-crypto@lists.mozilla.org >>> https://lists.mozilla.org/listinfo/dev-tech-crypto >>> >>> >>> >> _______________________________________________ >> dev-tech-crypto mailing list >> dev-tech-crypto@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-tech-crypto >> >> > >
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
