joshuaaa wrote, On 2008-07-24 06:56: > This is part of a project to increase security here at work. To be > honest, I'm not completely sure of all the details. I've just been > asked to add/remove user certificates while the browser is running.
User certificates? Certificates for which the user has the private key? or CA certificates? Big difference there, because user certificates also necessitate dealing with private keys. Doing it while the browser is running means doing it inside the browser, using the NSS in the browser, not a separate process with a separate copy. >> Are you just trying to put a new root cert in a browser? >> That can be done using features already built into the browser without >> any Java or JavaScript. > > I do need to import a root cert, but I need to do it programatically. What does that mean? (Everything done on a computer is done programmatically.) Does it mean "without the user's control and consent"? Changing the browser so that it will alter the things on which the user's security depends, without the user's control, is a bad guy's dream come true, of course. So, if the motives are really "to increase security here at work", and not merely "to make IT's job easier at work", one needs to consider the potential unintended consequences of the changes being proposed (which are still not entirely clear). I suggest you look at http://developer.mozilla.org/en/docs/NSS_Certificate_Download_Specification for ideas on importing certs. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
