Dennis Darch wrote, On 2008-08-19 09:23:
> In the next update of our software product we are using NSS 3.11.9 to 
> upgrade our LDAP client to support LDAP/SSL.  I would like to include in our 
> documentation a list of the public certificate authorities that would be 
> trusted without having to be added to the client's cert8.db.  Where would I 
> look in the source code to find that list?

Maybe Frank can answer that.  I'm not aware of a page with a complete
listing of the trusted CA certs in an easy-to-read form.  Maybe I'm
forgetting something.

> A second but related question:  It is my understanding that if a customer 
> obtained a certificate for their LDAP/SSL server from some certificate 
> authority that was authorized (or whatever the precise term is) by one of 
> those default authorities, then we would expect the server to send the full 
> certificate chain to the client so that it would trust the server's 
> certificate.  Is that correct?

Yes, that is correct.  Full chain, up to the root; the root itself is optional
since the client must already possess a copy.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
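
The chain rule stated in the reply above, as an added example that is not part of the original message and is not NSS code: a simplified model that follows issuer names from the server's certificate toward a locally trusted root. The `Cert` type, the function name and the sample names are assumptions made for illustration, and links are matched by name only.

```python
from typing import List, NamedTuple

class Cert(NamedTuple):
    subject: str   # name of the certificate's owner
    issuer: str    # name of the CA that signed it

def check_sent_chain(sent: List[Cert], trust_store: List[Cert]) -> str:
    """Walk issuer links from the leaf (sent[0]) toward a trusted root.

    Simplified model: links are matched by name only. Real validation also
    verifies signatures, validity periods and CA constraints.
    """
    if not sent:
        return "empty"
    trusted = {c.subject for c in trust_store}
    extras = {c.subject: c for c in sent[1:]}   # everything sent besides the leaf
    current, seen = sent[0], set()
    while current.subject not in seen:
        seen.add(current.subject)
        if current.issuer in trusted:
            return "trusted"                    # root is held locally; server need not send it
        if current.issuer == current.subject:
            return "untrusted-root:" + current.subject
        parent = extras.get(current.issuer)
        if parent is None:
            return "missing-issuer:" + current.issuer
        current = parent
    return "loop"

# Constructed sample names, not real CAs.
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")
INTER = Cert("CN=Example Issuing CA", "CN=Example Root CA")
LEAF = Cert("CN=ldap.example.com", "CN=Example Issuing CA")

if __name__ == "__main__":
    for label, sent in [("leaf + intermediate", [LEAF, INTER]),
                        ("leaf + intermediate + root", [LEAF, INTER, ROOT]),
                        ("leaf only", [LEAF])]:
        print(label, "->", check_sent_chain(sent, [ROOT]))
```

In this model a server that sends only its own certificate fails with a missing issuer, while sending or omitting the root makes no difference as long as the client already trusts it.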