Re: Creating secmod, cert8, and key3

2008-06-23 Thread Nelson B Bolyard
Larry Melton wrote, On 2008-06-23 15:29: > We would like our java application to create a mozilla cert store if one > doesn't already exist, similar to the way firefox does. We currently > install firefox and create a new profile specifically for our application. > It seems that some IE types s

Re: NSS 3.12 is released

2008-06-23 Thread Gen Kanai
On Jun 24, 2008, at 9:41 AM, Wan-Teh Chang wrote: > On Thu, Jun 19, 2008 at 2:11 AM, Jean-Marc Desperrier > <[EMAIL PROTECTED]> wrote: >> >> But Firefox 3.0 does not make use of the SQLite support, right ? >> Quite a pity ... > > You're right. I added a note to the NSS 3.12 Release Notes > to cl

Re: NSS 3.12 is released

2008-06-23 Thread Wan-Teh Chang
On Thu, Jun 19, 2008 at 2:11 AM, Jean-Marc Desperrier <[EMAIL PROTECTED]> wrote: > > But Firefox 3.0 does not make use of the SQLite support, right ? > Quite a pity ... You're right. I added a note to the NSS 3.12 Release Notes to clarify this point: http://www.mozilla.org/projects/security/pki/n

Re: certutil or PKI for NSS 3.11.9

2008-06-23 Thread Arshad Noor
Nelson, I think you may want to qualify your message in this paragraph, so as to not mislead people who don't understand PKI very well. As I'm sure most people on this list know, every Root CA certificate is a self-signed certificate. There is nothing inherently insecure about such certificates,

Creating secmod, cert8, and key3

2008-06-23 Thread Larry Melton
We would like our java application to create a mozilla cert store if one doesn't already exist, similar to the way firefox does. We currently install firefox and create a new profile specifically for our application. It seems that some IE types start convulsing on the floor if you suggest that

Re: certutil or PKI for NSS 3.11.9

2008-06-23 Thread Nelson B Bolyard
Dennis Darch wrote, On 2008-06-23 13:05: > I am extending our application software to function as an LDAP/SSL client > for login authentication. To do this, I have built the Mozilla LDAP C > SDK 6.0.4 with NSS 3.11.9 and NSPR 4.7. > > Obviously, our customers have to set up cert8.db and key3.db

Where are the binaries for nss 3.12 and nspr 4.7.1?

2008-06-23 Thread Larry Melton
Maybe I'm missing something obvious here, but where are the binaries for nss 3.12 and nspr 4.7.1? The most recent ones I can find are for nss 3.11 and nspr 4.6.4. We do everything in java here, so I've always used the binaries. Thanks, Larry

Re: Importing exporting JKS key to NSS db

2008-06-23 Thread Nelson B Bolyard
Yevgeniy Gubenko wrote, On 2008-06-23 12:47: > I don't know how to extract specifically public key after I > used the following command: > > certutil -G -n srv -k rsa -g 1024 -z seed -f pwdfile.txt -d . > > which should have created me public/private key pair. > The second problem is: after I have

certutil or PKI for NSS 3.11.9

2008-06-23 Thread Dennis Darch
I am extending our application software to function as an LDAP/SSL client for login authentication. To do this, I have built the Mozilla LDAP C SDK 6.0.4 with NSS 3.11.9 and NSPR 4.7. Obviously, our customers have to set up cert8.db and key3.db files that will trust the certificate of the LDAP

RE: Importing exporting JKS key to NSS db

2008-06-23 Thread Yevgeniy Gubenko
Thanks Michael for your reply. First of all, I don't know how to extract specifically public key after I used the following command: certutil -G -n srv -k rsa -g 1024 -z seed -f pwdfile.txt -d . which should have created me public/private key pair. The second problem is: after I have created JKS publ

Re: Update on DigiNotar and Entrust

2008-06-23 Thread Robert Relyea
Frank Hecker wrote: 3. Find some other way to get NSS not to recognize DigiNotar certs for email, perhaps in combination with some action by Entrust and/or DigiNotar. For example, one idea is to have end users of DigiNotar certs reconfigure their email clients to have cert chains that termina

Re: Debian Weak Key Problem

2008-06-23 Thread Eddy Nigg
Gervase Markham: > Rob Stradling wrote: >> That is now old news. I'm pleased to announce that... > > > > > Gerv StartCom has concluded today the revocation of all vulnerable keys which were signed by any of our roots, respectively intermediate CA certificates. Several notifications were sent

Re: New SSL warning

2008-06-23 Thread Eddy Nigg
Jan Schejbal: > I did (now completely), but most of it seems to be a discussion about > CAs (not) revoking keys. As I understand it, if the CA does use only a > normal CRL (and not OCSP), firefox won't care. At least the > proof-of-concept attack on the akamai key still worked. Yes, as indicated C

https flow

2008-06-23 Thread Pawel P
Hello, I want to overwrite default mozilla 1.9 behavior in https flow. I want to be informed about certificates (especially bad). I'll show my own "certificate dialogs" to user and user will decide if accept certificate or not. In mozilla 1.8 I used nsIBadCertListener interface to do above. In mo

Re: New SSL warning

2008-06-23 Thread Jan Schejbal
Hi, >Please read the thread about Debian keys first: I did (now completely), but most of it seems to be a discussion about CAs (not) revoking keys. As I understand it, if the CA does use only a normal CRL (and not OCSP), firefox won't care. At least the proof-of-concept attack on the akamai key

Re: Importing exporting JKS key to NSS db

2008-06-23 Thread Michael Ströder
Yevgeniy Gubenko wrote: > > 1.export public key from Solaris to Windows in JKS format > > 2.import public key from Windows to Solaris into NSS database I would export as PKCS#12 format and import that to NSS cert DB. Ciao, Michael.