Re: certutil: How do I return the nickname of the "best" certificate in the NSS certificate database?

2020-09-14 Thread J.C. Jones
On Sunday, September 13, 2020 at 3:00:21 PM UTC-7, Graham Leggett wrote: > Hi all, > > In a script, I need to know what the “best” certificate is in the NSS > database for a given host. > > The “best” certificate is > - A valid certificate by all the usual definitions of valid; and > - Match

Re: certutil - iPaddress SubjectAltName extension

2014-07-16 Thread Chris Newman
--On July 16, 2014 17:32:22 +0200 Kai Engert wrote: > On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote: >> Is there any documentation available for '--extSAN' parameter? Mr. >> Google did not find any helpful resource. > > Look at the help output that certutil produces with the -H com

Re: certutil - iPaddress SubjectAltName extension

2014-07-16 Thread Kai Engert
On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote: > Is there any documentation available for '--extSAN' parameter? Mr. > Google did not find any helpful resource. Look at the help output that certutil produces with the -H command: --extSAN type:name[,type:name]... Create a Sub

Re: certutil - iPaddress SubjectAltName extension

2014-07-14 Thread Bernhard Thalmayr
Thanks a lot for the details Kai, much appreciated. Indeed I was referring to options '-7', '-8' as they are described at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_certutil I was not aware of '--extSAN' as it seems to be missing from the above doc. Thanks fo

Re: certutil - iPaddress SubjectAltName extension

2014-07-14 Thread Kai Engert
On Mon, 2014-07-14 at 10:47 +0200, Bernhard Thalmayr wrote: > What is the reason, why certutil supports 'dNSName' GeneralNames for > SubjectAltName but not 'iPAddress' (RFC 3270 section 4.2.1.7)? Do you refer to the command line parameters -7 and -8 ? I don't know why this subset was chosen in the

Re: certutil adding certificate with extra attributes

2014-05-14 Thread Kai Engert
On Thu, 2014-05-08 at 19:03 +0530, radiatejava wrote: > I am using NSS db and utility to maintain certificates for a web > server. I am facing an issue, please go through the steps I am > listing. Can anyone explain why I am getting 'u' attr for certificate > with ca-3 alias even though I did not pr

Re: certutil adding certificate with extra attributes

2014-05-14 Thread radiatejava
Hello folks, Any update on this? One of my customers is waiting on this. Daniel Veditz from dev-security asked me to contact this list. Hope someone can look into this. If required, I can repro this and show to someone who has developed certutil. Thanks. On Thu, May 8, 2014 at 7:03 PM, radiat

Re: certutil - Generate a new key.

2013-04-19 Thread helpcrypto helpcrypto
On Tue, Apr 16, 2013 at 8:01 PM, Robert Relyea wrote: > On 04/15/2013 02:34 PM, Matt Yakel wrote: > >> Hi all, Is the "certutil" a linux tool only? I am needing to deploy Local >> Security Certs to our work network (windows). >> > > No, it can be built for pretty much any NSS supported platform.

Re: certutil - Generate a new key.

2013-04-16 Thread Robert Relyea
On 04/15/2013 02:34 PM, Matt Yakel wrote: Hi all, Is the "certutil" a linux tool only? I am needing to deploy Local Security Certs to our work network (windows). No, it can be built for pretty much any NSS supported platform. We use it as part of the NSS tests. However, I know of no one who is

Re: Certutil - Generate new key

2013-04-10 Thread daniemarques
Thanks for your reply On Wednesday, April 10, 2013 9:10:33 PM UTC+1, Kai Engert wrote: > On Wed, 2013-04-10 at 11:36 -0700, daniemarq...@gmail.com wrote: > > > I'm trying to generate a Certificate Signing Request to be later signed by > > a CA and imported to a NSS database. > > > > > > Curr

Re: Certutil - Generate new key

2013-04-10 Thread Kai Engert
On Wed, 2013-04-10 at 11:36 -0700, daniemarq...@gmail.com wrote: > I'm trying to generate a Certificate Signing Request to be later signed by a > CA and imported to a NSS database. > > Currently Using the following commands: > > certutil -R -d alias -f nssPasswordFile -s "sample-dn" -n "sample-

Re: certutil -D corrupting NSS database...

2011-03-12 Thread Michael H. Warfield
Hey, I've been massively distracted in other projects so I'm way behind in this issue... On Sat, 2011-02-12 at 22:33 -0800, Nelson B Bolyard wrote: > On 2011-01-25 13:07 PDT, Michael H. Warfield wrote: > > > [...] Instead of having a cert in the > > database with the name I specified in creatin

Re: certutil -D corrupting NSS database...

2011-02-12 Thread Nelson B Bolyard
On 2011-01-25 13:07 PDT, Michael H. Warfield wrote: > [...] Instead of having a cert in the > database with the name I specified in creating the .p12 file, I ended up > with a cert in the database with the name of the E-Mail address in the > cert. Not sure where that problem is (openssl or the pk

{Filename?} Re: certutil -D corrupting NSS database...

2011-02-01 Thread Michael H. Warfield
Warning: This message has had one or more attachments removed Warning: (gorgon10.wittsend.com.p12). Warning: Please read the "WittsEnd-Attachment-Warning.txt" attachment(s) for more information. Hey hey... On Sun, 2011-01-30 at 04:12 -0800, Nelson B Bolyard wrote: > Michael, > Can you make avai

Re: certutil -D corrupting NSS database...

2011-01-30 Thread Nelson B Bolyard
Michael, Can you make available to me the cert8.db file and the "nokey" p12 files exactly as they were before you did the fateful certutil -D step? If so, I'm interested in trying to track this down. I have a test for you to try that *MAY* (or may not) prove to be a solution for you. I believe yo

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-27 Thread Marsh Ray
On 10/27/2010 01:18 AM, Nelson B Bolyard wrote: Mandatory training for all residents of Washington State regarding the Principle of Least Astonishme I can only imagine how that conversation went: Developer: Hey boss! Architect: Yes, developer? Developer: All the critical system libraries h

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Nelson B Bolyard
On 2010-10-26 23:03 PDT, Kaspar Brand wrote: > Microsoft's directory naming might actually confuse you here. On a > 64-bit Windows system, %systemroot%\SysWOW64 has the *32*-bit DLLs, > while the 64-bit versions can be found under %systemroot%\system32. AAARRGGG! >> What do you suggest ?

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Kaspar Brand
On 26.10.2010 21:06, Marcio wrote: > 1.1) and when I try to add the module I get the error: 193 > modutil -add "New module" -libfile "C:\Windows\SysWOW64\aetpkss1.dll" - > dbdir . Microsoft's directory naming might actually confuse you here. On a 64-bit Windows system, %systemroot%\SysWOW64 has th

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Robert Relyea
On 10/26/2010 12:06 PM, Marcio wrote: > On 26 Oct, 14:41, Robert Relyea wrote: > >> On 10/26/2010 08:52 AM, Marcio wrote: >> >> >> >> >>> Hi there, >>> >> >>> Running certutil -U -d 'dir of db on my profile' I can not see the >>> token and slot with my certificate. >>> >

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Marcio
On 26 Oct, 14:41, Robert Relyea wrote: > On 10/26/2010 08:52 AM, Marcio wrote: > > > > > Hi there, > > > Running certutil -U -d 'dir of db on my profile' I can not see the > > token and slot with my certificate. > > > I´m using: > > > a) certutil (compiled as WIN954_64 with MSVC9 64) > > b) SafeSi

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Robert Relyea
On 10/26/2010 08:52 AM, Marcio wrote: > Hi there, > > Running certutil -U -d 'dir of db on my profile' I can not see the > token and slot with my certificate. > > I´m using: > > a) certutil (compiled as WIN954_64 with MSVC9 64) > b) SafeSign (aetpkss1.dll) (64 bits) > c) Gemplus Smart Card Reader

Re: certutil, nickname and serial number

2010-02-23 Thread Nelson B Bolyard
On 2010-02-23 04:05 PST, armin.n...@deutsche-boerse.com wrote: > Hello, > > I am new to SSL and certificates and I have to setup Apache's Qpid > broker using both server authentication and client authentication > which requires certificates on both sides. > We will store a certificate from each cl

Re: certutil or PKI for NSS 3.11.9

2008-06-24 Thread Arshad Noor
I will defer to your experience in the war-stories you've heard, Nelson. You've certainly seen a lot more people do stupid things in this area than I have, I'm sure. I tend to get involved only when people want to do PKI the right way :-). I am a strong believer that educating the general masses

Re: certutil or PKI for NSS 3.11.9

2008-06-24 Thread Nelson B Bolyard
Arshad Noor wrote, On 2008-06-23 15:58: > Nelson, > > I think you may want to qualify your message in this paragraph, so as > to not mislead people who don't understand PKI very well. Arshad: I want people who don't understand PKI very well to get one message, loud and clear: Don't try to make

Re: certutil or PKI for NSS 3.11.9

2008-06-23 Thread Arshad Noor
Nelson, I think you may want to qualify your message in this paragraph, so as to not mislead people who don't understand PKI very well. As I'm sure most people on this list know, every Root CA certificate is a self-signed certificate. There is nothing inherently insecure about such certificates,

Re: certutil or PKI for NSS 3.11.9

2008-06-23 Thread Nelson B Bolyard
Dennis Darch wrote, On 2008-06-23 13:05: > I am extending our application software to function as an LDAP/SSL client > for login authentication. To do this, I have built the Mozilla LDAP C > SDK 6.0.4 with NSS 3.11.9 and NSPR 4.7. > > Obviously, our customers have to set up cert8.db and key3.db

Re: certutil

2007-12-09 Thread Nelson B Bolyard
nade "Ronald" Lu wrote, On 2007-12-08 15:45: > i want to use one of the NSS security tools, certutil, in order to manage > the certificate database(cert8.db). I visited your webpage, however I got a > little bit confused. I have downloaded nss-3.11.4-with-nspr-4.6.4.tar.gz > from > https://ftp.moz

Re: certutil doesn't work

2007-06-01 Thread Ahryman40k
"David Stutzman" wrote in message news: [EMAIL PROTECTED] > Ahryman40k wrote: >> Oops sorry for this. I do it again ! >> >> i want to sign my xpi package, and i have download NSS utilities ( 3.11 ) >> and a dll package containing libspr4.dll. >> when i launch certutil.exe tools, i have

Re: certutil doesn't work

2007-05-31 Thread David Stutzman
Ahryman40k wrote: > Oops sorry for this. I do it again ! > > i want to sign my xpi package, and i have download NSS utilities ( 3.11 ) > and a dll package containing libspr4.dll. > when i launch certutil.exe tools, i have the following error message : > > PR_GetLibraryFilePathname could not be lo

Re: certutil doesn't work

2007-05-31 Thread Ahryman40k
Oops sorry for this. I do it again ! i want to sign my xpi package, and i have download NSS utilities ( 3.11 ) and a dll package containing libspr4.dll. when i launch certutil.exe tools, i have the following error message : PR_GetLibraryFilePathname could not be located in the dyanmic link librar

Re: certutil,certreq

2006-11-14 Thread Biswatosh Chakraborty
Bob, Thanks for your reply. In fact, I am working on the NSS Bug # 291383. There it proposes an option to delete an orphan key. I am able to see how to make a patch which can identify a key based on CKA_ID and then delete it also but what if I don't have a CKA_ID and even not a cert but only a

Re: certutil,certreq

2006-11-14 Thread Bob Relyea
Biswatosh wrote: As a sequel to the earlier mail about the way to extract infos from a Cert Req file, I have this to discuss. As I understand, CertReq is a PKCS 10 structure and so the min. members would be 1)Name and 2)SubjectPublicKeyInfo ,at least. Now, do we need to identify an orphan key

Re: certutil not able to retrieve the subject dn of a certificate

2006-06-17 Thread udaybhaskar
Please find the certificate in PEM form enclosed. -BEGIN CERTIFICATE- MIIFSzCCBDOgAwIBAgIDD0UKMA0GCSqGSIb3DQEBBQUAMIG3MT0wOwYDVQQDEzRU aGUgSW5zdGl0dXRlIG9mIENoYXJ0ZXJlZCBBY2NvdW50YW50cyBvZiBJbmRpYSAt IElBMS8wLQYDVQQLEyZUQ1MtQ2VydGlmeWluZyBBdXRob3JpdHkgVHJ1c3QgTmV0 d29yazE4MDYGA1UEChMvVGhlI

Re: certutil / signtool to sign javascript

2006-06-16 Thread Nelson B
Anyang Ren wrote: > On 6/14/06, Anthony Lieuallen <[EMAIL PROTECTED]> wrote: >> But, no matter how I import a certificate, I can't get "signtool -l" to >> list that as one that I can sign things with. It will list a testing >> cert made with "signtool -G" and then "certutil -L" says "u,u,Cu" for

Re: certutil not able to retrieve the subject dn of a certificate

2006-06-16 Thread Nelson B
udaybhaskar wrote: > Dear all, > > I was trying to retrieve the subject dn of the enclosed certificate with enclosed? This mailing list does not permit binary attachments. I suggest you make a base64 encoded (a.k.a. "PEM" or "ASCII Armored") version of the cert and send that in the body of you

Re: certutil / signtool to sign javascript

2006-06-15 Thread Anyang Ren
On 6/14/06, Anthony Lieuallen <[EMAIL PROTECTED]> wrote: The documentation for the certutil tool [1] refers to a "u" value for the -t argument which it says means "Certificate can be used for authentication or signing". It seems that the certutil man page should be improved to document the "u"

Re: certutil / signtool to sign javascript

2006-06-14 Thread Nelson B
Anthony Lieuallen wrote: > The documentation for the certutil tool [1] refers to a "u" value for > the -t argument which it says means "Certificate can be used for > authentication or signing". When I "certutil -H" it says u means "user > cert" and mentions nothing about being able to be used f