Re: My shy certificate

2006-08-08 Thread Umesh Bywar
Not sure whether this will help, but I think you can write a function like the one given below. Have a look at security/manager/ssl/src/nsPKCS12Blob.cpp. nsresult nsPKCS12Blob::ImportSSLCertsFromFile(nsILocalFile *file) { nsNSSShutDownPreventionLock locker; nsresult rv; SECStatus srv = SECSucce

Re: My shy certificate

2006-08-08 Thread Dave Pinn
Is there a Mozilla utility with which I can attempt to import a certificate *into* my PKCS#11 module? ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: My shy certificate

2006-08-08 Thread Nelson B
Dave Pinn wrote: >> or try with the token name >> certutil -L -h "Embedded Security Chip" > > X:\ThunderbirdProfile>certutil -L -h "Embedded Security Chip" -d . > Enter Password or Pin for "Embedded Security Chip": > > X:\ThunderbirdProfile> > > That cannot be good, and Yes, I'm sure that I

Re: My shy certificate

2006-08-08 Thread Dave Pinn
Nelson Bolyard wrote: Try certutil -L -h all to get a list of all certs in all slots. X:\ThunderbirdProfile>certutil -L -h all -d . Enter Password or Pin for "Embedded Security Chip": Gatekeeper Root CA - eSign Australia CT,C,C Gatekeeper Grade 3 Individual CA - eSig

Re: My shy certificate

2006-08-08 Thread Nelson Bolyard
Dave Pinn wrote: > Nelson B Bolyard wrote: > ... >> 1) use modutil to get a listing of all the PKCS#11 modules that have been >> configured into Thunderbird. If your new laptop's PKCS#11 module is not >> among them, that's the first thing to fix. > ... > > I downloaded the NSS 3.11 binary build f

Re: does anyone try nss on FreeBSD platform?

2006-08-08 Thread Wan-Teh Chang
Yes, NSS works on FreeBSD. Mikhail Teterin reported several bugs last year. You can find his email address in https://bugzilla.mozilla.org/show_bug.cgi?id=302602. Wan-Teh

Re: My shy certificate

2006-08-08 Thread Dave Pinn
I ran certutil -L, which produced the following output (some lines deleted to protect my privacy): Gatekeeper TYPE 3 CA - eSign Australia CT,C,C Gatekeeper Grade 3 Individual CA - eSign Australia CT,C,C Gatekeeper Root CA - eSign Australia

Re: My shy certificate

2006-08-08 Thread Dave Pinn
I created the .netscape directory, and plonked into it the following files from my Thunderbird profile directory: 1. cert8.db 2. key3.db 3. secmod.db I then ran modutil -list, which produced the following output: Listing of PKCS #11 Modules

does anyone try nss on FreeBSD platform?

2006-08-08 Thread Alex

Re: My shy certificate

2006-08-08 Thread Dave Pinn
Nelson B Bolyard wrote: ... 1) use modutil to get a listing of all the PKCS#11 modules that have been configured into Thunderbird. If your new laptop's PKCS#11 module is not among them, that's the first thing to fix. ... I downloaded the NSS 3.11 binary build for WINNT5.0 - there were no buil

Re: My shy certificate

2006-08-08 Thread Dave Pinn
Nelson B Bolyard wrote: Out of curiosity, what tool(s) did you use to get that data? An Embedded Security Certificate Viewer is part of HP's ProtectTools suite. There's no way to copy the output of the viewer to the clipboard, so I had to transpose it manually.

Re: OCSP/CRL handling in Firefox

2006-08-08 Thread Frank Hecker
Nelson B Bolyard wrote: Presently, a user must initiate the first fetch of a CRL from the CA. To clarify, AFAIK all that is required is for a user to click on a link to the CRL, *if* the CRL data is returned with a MIME type of "application/pkix-crl". Firefox then imports the CRL and prompts

Re: OCSP/CRL handling in Firefox

2006-08-08 Thread Kai Engert
Nelson B Bolyard wrote: Presently, a user must initiate the first fetch of a CRL from the CA. CRLs are fetched asynchronously from cert chain validation. CRLs are stored on disk locally, IIRC. After fetching the first one, mozilla clients will fetch subsequent CRLs automatically on a periodic ba

Re: My shy certificate

2006-08-08 Thread Nelson B Bolyard
The NSS test tools are all command line programs. They don't use windows. You run the "DOS prompt" (or other command line window) and run the programs in that window. I'd suggest a sequence of steps something like this: 1) use modutil to get a listing of all the PKCS#11 modules that have been c

Re: PK11_ImportCert bug?

2006-08-08 Thread Nelson B Bolyard
David Stutzman wrote: > PK11_ImportCert has the following signature: > SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert, > CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust) > > Looking at the implementation in > nss-3.11.2/mozilla/security/nss/lib/pk11wrap/pk11ce

Re: My shy certificate

2006-08-08 Thread Nelson B Bolyard
Dave Pinn wrote: > Nelson B wrote: >> Best bet is to get a formatted listing of the certificate itself, >> showing all the extensions and their criticality. > > OK, here goes: > > Non-critical X.509 version 3 extensions: > > * CRL Distribution Points > * Authority Key Identifier > * Subject Key

Re: CERT_VerifyCertificate question

2006-08-08 Thread Nelson B Bolyard
David Stutzman wrote: > Here's some certutil -L output for the cert I am playing with here: > Signed Extensions: > Name: Certificate Key Usage > Critical: True > Usages: Digital Signature > Non-Repudiation > > Name:

Re: My shy certificate

2006-08-08 Thread Nelson B Bolyard
Dave Pinn wrote: > Dave Pinn wrote: > >> Right-oh. I'd love to run pk11util. Do you know of a binary build of >> pk11util for Windows XP? > > Hang on, am I being blonde? is NSS something that I can download and > run, which incorporates pk11util? NSS is a set of shared libraries, and test tool

Re: OCSP/CRL handling in Firefox

2006-08-08 Thread Nelson B Bolyard
Gary Krall wrote: > I'm curious to know what FF does in this regard. Does it fall-back to > CRLs when it cannot connect to our OCSP server? If not are there any > plans to implement something like this in the future? Handling of OCSP and CRLs is rather separate. Presently, a user must initi

Re: Geotrust request to add more roots

2006-08-08 Thread Frank Hecker
Frank Hecker wrote: Frank Hecker wrote: As I noted in an earlier message, Geotrust has applied to have three more root CA certificates added; this is basically to support a multi-year migration away from their current Equifax root certs. See bug 294916 for details: http://bugzilla.mozilla.o

Re: Geotrust request to add more roots

2006-08-08 Thread Frank Hecker
Frank Hecker wrote: As I noted in an earlier message, Geotrust has applied to have three more root CA certificates added; this is basically to support a multi-year migration away from their current Equifax root certs. See bug 294916 for details: http://bugzilla.mozilla.org/show_bug.cgi?id=29

Re: Swisscom root cert inclusion request

2006-08-08 Thread Frank Hecker
Frank Hecker wrote: To echo my comments in bug 342470: My apologies for not following up on this before now. As far as I'm aware all questions relating to Swisscom have been answered, and they appear to be in compliance with our CA policy, I am formally approving their request to have their r

Re: Swisscom root cert inclusion request

2006-08-08 Thread Frank Hecker
Frank Hecker wrote: I'm now soliciting comments on the CA application from Swisscom, bug 342470: https://bugzilla.mozilla.org/show_bug.cgi?id=342470 Swisscom is a public commercial CA based in Switzerland; see the bug report and my CA certificate list page for more information. Swisscom d

Re: My shy certificate

2006-08-08 Thread Dave Pinn
Nelson B wrote: Best bet is to get a formatted listing of the certificate itself, showing all the extensions and their criticality. OK, here goes: Non-critical X.509 version 3 extensions: * CRL Distribution Points * Authority Key Identifier * Subject Key Identifier * Authority Information Acc

Re: My shy certificate

2006-08-08 Thread Dave Pinn
Peter Djalaliev wrote: Hello Dave, In your first posting, you said that you have loaded "the relevant PKCS#11 module". What module are you using? Is it provided with ProtectTools? The module ships with ProtectTools as a DLL: ifxtpmck.dll, to be precise. Otherwise, I read through some of t

Re: CERT_VerifyCertificate question

2006-08-08 Thread David Stutzman
David Stutzman wrote: Julien Pierre wrote: What purpose are you using the digital signatures for in your application ? That may help determine the right usage to check . A blob of data will be signed and sent out over a network to another system running the same application and the signature

Re: My shy certificate

2006-08-08 Thread Peter Djalaliev
Hello Dave, In your first posting, you said that you have loaded "the relevant PKCS#11 module". What module are you using? Is it provided with ProtectTools? Otherwise, I read through some of the HP ProtectTools Embedded Security Manager whitepapers and it seems that the private key and certific

Re: My shy certificate

2006-08-08 Thread Dave Pinn
Dave Pinn wrote: Right-oh. I'd love to run pk11util. Do you know of a binary build of pk11util for Windows XP? Hang on, am I being blonde? is NSS something that I can download and run, which incorporates pk11util?