On 08/06/2013 09:41 AM, epva...@gmail.com wrote:
I am using the NSS certutil.exe app command line to add a self-signed certificate to Firefox. Using the command line I'm able to get my certificate to show up in the Certificate Manager under the "Authorities" and "Others" tabs. I have even gotten it to show up in the "Servers" tab. However, when it does the "Server" column has a "*". When I navigate to my website I still get a certificate warning.
What is the details of the warning?
As Kai pointed out, the Add Exception is not stored in the NSS db, but in the firefox profile. In general, the plugin would be the preferred way to have the cert trusted in Firefox because it ties the cert to a specific website.I noticed that when I manually add the exception the "Server" column says the name and port of my site. It seems to be different in other was too as the "Edit Trust" button seems to be permanently disabled. So, how can I "Add Exception" using NSS tools?
I'm able to get the cert installed in a way that doesn't work using this command: certutil.exe -A -n "localhost" -t "P,P,P" -i "C:\<<Path to Cert dir>>\localhost.pem" -d "C:\Users\<<User>>\AppData\Roaming\mozilla\firefox\profiles\<<rand>>.default" Am I just missing a command line option? Any help or ideas would be appreciated!
This should have marked the cert explicitly trusted, so I'm curious about what warning details you get. (Not that I recommend making this method work, I just want to understand why it didn't).
bob
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
