RE: Bug question

2008-06-13 Thread David Stutzman
Nelson B Bolyard: > On your system, is certutil a shell script that runs a program named > certutil-bin ? As Eddy said about getting it from a directory server install, the Directory/Certificate System products have been doing that for quite a while now. From a system with Red Hat CS 7.1 instal

Re: Bug question

2008-06-12 Thread Kyle Hamilton
Just because it's not from Debian doesn't mean that it hasn't been tampered with, Eddy. Any "downstream" that has access to the code can do the same thing no matter who they are. -Kyle H 2008/6/12 Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]>: > Nelson B Bolyard: > > That's certainly not how the

Re: Bug question

2008-06-12 Thread Eddy Nigg (StartCom Ltd.)
Nelson B Bolyard: You undoubtedly need to add a -d DIRECTORY option to that command line. On your system, is certutil a shell script that runs a program named certutil-bin ? Apparently yes. That's certainly not how the NSS team ships certutil. Sounds like another case of somebody playi

Re: Bug question

2008-06-12 Thread Nelson B Bolyard
Eddy Nigg (StartCom Ltd.) wrote: > Nelson B Bolyard: >> All trust flags are kept in the cert DB file, along with the certs to >> which they are attached. >> >> If you have the certutil utility, it would be interesting to see the output >> of certutil -L for the cert(s) in question. Just be carefu

Re: Bug question

2008-06-12 Thread Eddy Nigg (StartCom Ltd.)
Eddy Nigg (StartCom Ltd.): Hopefully I've done that correctly: certutil -L cert8.db certutil-bin: function failed: security library: bad database. By chance I was able to solve the problem for me, which involved removing an exception for that domain and certificate. Now I'll poke around if I

Re: Bug question

2008-06-12 Thread Eddy Nigg (StartCom Ltd.)
Nelson B Bolyard: All trust flags are kept in the cert DB file, along with the certs to which they are attached. If you have the certutil utility, it would be interesting to see the output of certutil -L for the cert(s) in question. Just be careful not to use it at the same time as your browser

Re: Bug question

2008-06-12 Thread Nelson B Bolyard
Eddy Nigg (StartCom Ltd.) wrote, On 2008-06-12 04:16: > Nelson B Bolyard: >> Eddy Nigg (StartCom Ltd.) wrote: >> >>> Just want to ask before opening a new bug: Upon visiting a newly >>> generated server certificate, the OCSP server wasn't ready and/or the >>> certificate chain wasn't complete.

Re: Bug question

2008-06-12 Thread Eddy Nigg (StartCom Ltd.)
Nelson B Bolyard: Eddy Nigg (StartCom Ltd.) wrote: Just want to ask before opening a new bug: Upon visiting a newly generated server certificate, the OCSP server wasn't ready and/or the certificate chain wasn't complete. Ever since, I can't access this site and receive sec_error_untrusted_ce

Re: Bug question

2008-06-12 Thread Nelson B Bolyard
Eddy Nigg (StartCom Ltd.) wrote: > Just want to ask before opening a new bug: Upon visiting a newly > generated server certificate, the OCSP server wasn't ready and/or the > certificate chain wasn't complete. Ever since, I can't access this site > and receive sec_error_untrusted_cert. Even when us

Re: Bug question

2008-06-11 Thread Kyle Hamilton
If it's a persistent error in the profile, a bug needs to be filed anyway. I have not yet seen this behavior. -Kyle H 2008/6/11 Eddy Nigg (StartCom Ltd.) <[EMAIL PROTECTED]>: > Just want to ask before opening a new bug: Upon visiting a newly generated > server certificate, the OCSP server wasn't

Bug question

2008-06-11 Thread Eddy Nigg (StartCom Ltd.)
Just want to ask before opening a new bug: Upon visiting a newly generated server certificate, the OCSP server wasn't ready and/or the certificate chain wasn't complete. Ever since, I can't access this site and receive sec_error_untrusted_cert. Even when using a different sub domain (it's a wil