On Jul 23, 4:20 pm, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
> joshuaaa wrote, On 2008-07-22 23:56:
>
> > I was under the impression (read somewhere here) that firefox 3 would
> > allow the cert database to be updated WHILE firefox was running. I'm
> > getting the same old behavior in FF3, i.e. remove cert while firefox is
> > open, view cert manager and the cert still exists. Have I
> > misunderstood or am I doing something wrong?
>
> Firefox stores certs in several places, two of which are the built-in
> list of root CA certs, and the cert DB.  The cert DB can be updated,
> as you suggest, and certs can be deleted.  There should be no need to do
> any restarts after editing the cert DB.  However, deleting root CA certs
> from the built-in list of root certs is not possible.  For them, you need
> to "edit" them and remove the trust flags, rather than try to delete them.
>
> > If this behavior is by design, is there a way to tell it to grab a new
> > instance of the cert store? Any solutions to get around this issue?
>
> If you try to delete a root cert from the cert DB, and the root cert is
> not presently in use (e.g. you're not visiting an SSL server whose cert
> chain uses it), the results should be immediate.  If they're not, file a
> bug.

Thanks for the quick response Nelson. I guess I do not have a clear
understanding of where certificates are stored. I must be doing
something wrong... A simple example for what I'm doing with JSS would
be like this:

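        // JSS classes used below
        import org.mozilla.jss.CryptoManager;
        import org.mozilla.jss.crypto.CryptoStore;
        import org.mozilla.jss.crypto.CryptoToken;

        // Open the NSS databases in the Firefox profile directory
        String dir = ".....\\Mozilla\\Firefox\\Profiles\\some_number.default";
        CryptoManager.initialize( dir );
        CryptoManager cm = CryptoManager.getInstance();

        // Delete the cert from the internal key storage token's store
        CryptoToken internalToken = cm.getInternalKeyStorageToken();
        CryptoStore cs = internalToken.getCryptoStore();
        cs.deleteCert(cm.findCertByNickname("nickname_of_cert"));
        System.out.println("Success.");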

If firefox is open and I run the code above and then do a
cryptomanager.getAllTokens() and print out the names for all the certs
within each token, the cert I removed IS NOT in the list. I assumed
that it had worked. BUT, if I open the cert manager in firefox it
still shows the user certificate! If firefox IS NOT running and I
execute my code, the cert is removed and when I start firefox to check
the cert manager it is really gone this time.

What am I doing wrong?

Thanks again.