Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

Engineering Team Yup - having a problem. Novell ZENworks optionally uses an internal CA and with FF 31 I can no longer connect to the management console or any of the other web services. I'll try turning off the new CA checker to see if that works. I like the idea of better security, but you just pissed off a lot of my customers. Bruce McDowell McDowell Consulting LLC br...@consultbruce.com -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Wells Fargo CA inclusion/EV request

ime of their annual WebTrust for CA audits. As Mozilla was just considering CAs for EV status in 2008, most EV CAs would already have had a WebTrust for EV audit report in hand. Hope this helps. Regards, Bruce. ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Firefox 3 connection now results in ssl_error_bad_cert_domain

first. Thanks again, Bruce On Jul 2, 7:37 pm, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > Bruce Keats wrote, On 2008-07-02 14:52: > > > Thanks for the help.  That answers a lot of questions, but raises some more. > > I assume that firefox is trying to match with the hostname

Re: Firefox 3 connection now results in ssl_error_bad_cert_domain

;t forget that if you have host names in the Subject Alternative Name > extension, then ALL the names in the cert belong there, not all-but-one. > But This is no different than it was in FF2. I don't think I fully understand the "ALL the names" in this context. What might hel

Firefox 3 connection now results in ssl_error_bad_cert_domain

"Wrong Site" it says "Certificate belongs to a different site which could indicate an identity theft" and I might be able to accept that because the URL is different than that found doing a reverse DNS lookup. How can I get firefox to stop compl

Re: Entrust EV request

On Jun 6, 9:34 am, "Eddy Nigg (StartCom Ltd.)" <[EMAIL PROTECTED]> wrote: > Hi Bruce, > > Bruce: > > > > > All Organization Validated SSL certificates are issued using a three > > part process. The applicant's business name is validated against

Re: Entrust EV request

vernment registry). Domain names are validated via a WHOIS lookup to ensure that the domain is registered to the business or that the applicant has the right to use the domain (i.e. parent or subsidiary company of registrant). Finally, an employee of the applicant is contacted through a phone number found

Re: Terminating SSL on the web proxy

? Thanks, Bruce On Dec 7, 2007 6:35 PM, Nelson Bolyard <[EMAIL PROTECTED]> wrote: > Florian Weimer wrote, On 2007-12-07 02:54: > > Is it possible to configure NSS (or, more precisely, Firefox) to > > terminate SSL connections on the web proxy, so that the proxy receives >

Is firefox 2.0.0.8 suppose to try different OCSP responders?

exhausted the list of responders? Thanks, Bruce ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Problems with getting OCSP to work with firefox 2.0.0.8 (Fedora Core 7)

. When I imported it, I made sure the check box "Trust this CA to identify web sites" was checked. Now when I establish the connection, I no longer see the warning. As well, firefox is sending out the OCSP request and is getting the OCSP response. Thanks, Bruce On 11/2/07, Edd

Re: Problems with getting OCSP to work with firefox 2.0.0.8 (Fedora Core 7)

Thanks for the hint. I didn't pay much attention to the cert warning as everything appears to work (other than the OCSP checks). I will give it another go once I resolve the warnings. Bruce On 11/2/07, Nelson B <[EMAIL PROTECTED]> wrote: > > Bruce Keats wrote: > > &

Re: Problems with getting OCSP to work with firefox 2.0.0.8 (Fedora Core 7)

. Anything else? As I mentioned, I don't see any requests from firefox. Bruce On 11/1/07, Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]> wrote: > > I can try to help you if you can provide some more details about the > software you are using, examination of the certificate itself e

Problems with getting OCSP to work with firefox 2.0.0.8 (Fedora Core 7)

ike OCSP support is there. Any ideas why this isn't working for me? Any suggestions of things to try because I am out of ideas? Bruce ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Firefox 1.5 and importing CRLs?

On 3/23/06, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: Bruce Keats wrote:> I am having problems importing CRLs and managing CRLs within firefox.> In the linux version, the import button opens a window that allows me to > enter a file name for the CRL.  The CRL is in PEM f

Firefox 1.5 and importing CRLs?

about the windows version?   Bruce ___ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

How do I import a CRL import Firefox under Fedora Core 3?

Hi, I am trying to import a CRL into firefox, but I have not been able to  discover the right combination to things to get it to work.  The CRLs  are in binary DER format and are called "blah.crl".  I tried just  putting the file URL ( e.g. file:///blah.crl) without any luck (it just tries do save