David Stutzman wrote:
> Alexander Klink wrote:
>> Well, but the private key that has been created has to be recorded
>> somewhere, right? Is there a way to list those at least?
>
> $ certutil -K -d .
> Enter Password or Pin for "NSS Certificate DB":
> <0>
> <1>
> <2>
> <3>
That useless output is
Robert Relyea wrote:
> NOTE2: None of the proxy nelson mentioned will work if the user is using
> SSL client auth.
I would say two things about that:
1) SSL client auth is generally controlled by the server, not the client.
2) There are reverse proxy products that will do SSL client auth, IIRC.
Florian Weimer wrote:
* Nelson Bolyard:
Florian Weimer wrote, On 2007-12-07 02:54:
Is it possible to configure NSS (or, more precisely, Firefox) to
terminate SSL connections on the web proxy, so that the proxy receives
requests in the clear (and handles the certificate verification)?
On Dec 11, 2007 4:35 AM, D3!$ <[EMAIL PROTECTED]> wrote:
> Hi All!!!
>
> 1)I'm trying to figure out the function of the PL_CreateOptState &
> PL_DestroyOptState functions mentioned in plgetopt.h: Looks like it
> parses the command line argument string, but I want to know what
> exactly it d
David Stutzman wrote:
> One would have to write a custom program using NSS to do so. I don't
> think any of the command-line utils let you delete keys unless they have
> certs associated with them.
It's the subject of bug 291383, actually ("certutil cannot delete orphan
private keys"): https://
* Nelson Bolyard:
> Florian Weimer wrote, On 2007-12-07 02:54:
>> Is it possible to configure NSS (or, more precisely, Firefox) to
>> terminate SSL connections on the web proxy, so that the proxy receives
>> requests in the clear (and handles the certificate verification)?
>
> I think, but am not
David Stutzman wrote:
> Michael Ströder wrote:
>
>> And maybe one would like to delete the private keys for which never was
>> a cert issued.
>>
>
> One would have to write a custom program using NSS to do so. I don't
> think any of the command-line utils let you delete keys unless they h
Michael Ströder wrote:
> And maybe one would like to delete the private keys for which never was
> a cert issued.
One would have to write a custom program using NSS to do so. I don't
think any of the command-line utils let you delete keys unless they have
certs associated with them.
Dave
_
Hi All!!!
1)I'm trying to figure out the function of the PL_CreateOptState &
PL_DestroyOptState functions mentioned in plgetopt.h: Looks like it
parses the command line argument string, but I want to know what
exactly it does... Also, is there any significance attached to the PL
prefix that is
Alexander Klink wrote:
> Hi Nelson,
>
> On Mon, Dec 10, 2007 at 12:39:08PM -0800, Nelson Bolyard wrote:
>> Alexander Klink wrote, On 2007-12-10 05:09:
>>> is there an easy way to list the CSRs that have been created using
>>> SPKAC using Firefox?
>> No, sent CSRs are not recorded anywhere.
> Well
Alexander Klink wrote:
> Well, but the private key that has been created has to be recorded
> somewhere, right? Is there a way to list those at least?
$ certutil -K -d .
Enter Password or Pin for "NSS Certificate DB":
<0>
<1>
<2>
<3>
If the key has an accompanying cert, I believe it will list the
Bruce:
You may want to look at Paros. Its an open source proxy where you can
see the HTTPS traffic in plain text.
Best Regards.
Umesh.
- Original Message -
From: "Bruce Keats" <[EMAIL PROTECTED]>
To:
Sent: Monday, December 10, 2007 9:28 PM
Subject: Re: Terminating SSL on the web pr
Hi Nelson,
On Mon, Dec 10, 2007 at 12:39:08PM -0800, Nelson Bolyard wrote:
> Alexander Klink wrote, On 2007-12-10 05:09:
> > is there an easy way to list the CSRs that have been created using
> > SPKAC using Firefox?
> No, sent CSRs are not recorded anywhere.
Well, but the private key that has be
13 matches
Mail list logo
