On 2009-09-25 05:04 PDT, Adriano Bonat wrote:
> $ nss-certutil -d . -L -h all
>
> this gave me the same result as without it.
This is because you libnssckbi.so is not being loaded, as you have
already noted. Let's fix that.
> BUT, I tried it on a Ubuntu machine with Signing Tool 3.12.3.1, and
On 2009-09-25 18:17 , Robert Relyea wrote:
> On 09/25/2009 04:39 PM, Kathleen Wilson wrote:
>> Note that I am operating under the assumption that there is currently
>> no way in NSS to mark a root certificate as “untrusted”. Please let me
>> know if this assumption is incorrect.
>>
> There are
On 09/26/2009 02:39 AM, Kathleen Wilson:
If it would be reasonable to mark a root cert as “untrusted” in NSS,
we could also consider this option... If a root were to be
compromised, and marked as untrusted, it could be treated as though
all of the trust bits are unset, and not allow the user to s
On 09/25/2009 04:39 PM, Kathleen Wilson wrote:
Note that I am operating under the assumption that there is currently
no way in NSS to mark a root certificate as “untrusted”. Please let me
know if this assumption is incorrect.
There are 3 states we can report about a certificate: trusted, unkn
I am leading the effort to create a policy and a process for removing
a Certification Authority root certificate from distribution in
Mozilla products, and I would greatly appreciate your input and
feedback on the following.
Wiki page for ideas about the process and policy:
https://wiki.mozilla.or
Hey, thanks for you feedback.
On Sep 25, 3:07 pm, Kaspar Brand wrote:
> Adriano Bonat wrote:
> > adri...@planck:~/Tmp/empty_db$ nss-signtool -d . -l
>
> > Object signing certificates
> > ---
> > COMPANY LLC's Starfield Technologies, Inc. ID
> > Issued by: S
Adriano Bonat wrote:
> adri...@planck:~/Tmp/empty_db$ nss-signtool -d . -l
>
> Object signing certificates
> ---
> COMPANY LLC's Starfield Technologies, Inc. ID
> Issued by: Starfield intermediate
> Expires: Mon Sep 19, 2011
> ---
The Starfield certificates are available from here:
https://certs.starfieldtech.com/anonymous/repository.seam
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Just tried creating the certificates database from scratch, importing
the root and intermediate certificates from Starfield (...), but no
success yet, Firefox still says "signing could not be verified. -260".
Here are the steps that I followed:
adri...@planck:~/Tmp$ mkdir empty_db
adri...@planck:
David Stutzman-11 wrote:
>
> vvick...@harris.com wrote:
>> I need to create a build of NSS 3.12.4 with NSPR to use for FIPS 140-2
>> encryption in my java.security file.
>
> For those that are less than familiar with building software on Windows
> using Microsoft products, I really recommend
Thanks for you feedback.
On Sep 25, 2:53 am, Nelson B Bolyard wrote:
> On 2009-09-24 21:07 PDT, Adriano Bonat wrote:
>
> > Hi guys,
>
> > I'm trying to sign a Firefox extension (XPI) using a code signing
> > certificate bought from GoDaddy, but Firefox is rejecting the XPI file
> > saying "signin
11 matches
Mail list logo
