Hi, >Include all the certificates which chain from the original end-user >certificate into the PKCS7 file. Firefox should import them happily.
I agree with you, that's i've done. In fact, the problem is: EE certificate contains an AIA extension which indicates a p7c file. In this p7c file, there is a cross-certificate which also contains an AIA extension with the URL of an another p7c files. In this p7c file, there is the second cross-certificate and the user, which receives the EE certificate, can validate the certificate with its own CA Root. Is it possible to do that with Firefox? >If you expect NSS to fetch chained certificates through Internet >download than it is correct that Firefox doesn't do that. Is there any button or configuration in Firefox to do that? Best regards, Pascal -- View this message in context: http://www.nabble.com/Re%3A-How-to-imoprt-a-p7c-files-into-firefox--tp21850840p21868162.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
