Multiple certificates with different aliases

2021-03-29 Thread Mithilesh Wachasunder
Hi Team Is it possible to have multiple certificates having same subject to be part of different aliases in NSSDB? For example, if I have Certificate 1 : Subject: CN = Certificate-randomcert.com Serial Number: 02:0a:4f:ac:ad:80:00:32:19:5b:3f:38:08 Certificate 2 : Subject: CN

How to handle nicknames/tokens with colons in ECA certificates

2021-02-20 Thread Bill McGrory
I am trying to get a new (for me) hardware token to work with the nss lib on Linux. This is an ECA token (external certificate authority) specified by the U.S. Government. Apparently there are specifications for certificate common name naming conventions which require the inclusion of a colon i

Re: Can import multiple certificates with same subject?

2018-02-02 Thread Hubert Kario
On Wednesday, 31 January 2018 06:43:19 CET John Jiang wrote: > In order to describe my point clearly, please consider the below simple > example. > > 1. Two certificates with same subject (CN=www.example.com) and different > nicknames (respectively, example1 and example2). Both

Re: Can import multiple certificates with same subject?

2018-01-30 Thread John Jiang
In order to describe my point clearly, please consider the below simple example. 1. Two certificates with same subject (CN=www.example.com) and different nicknames (respectively, example1 and example2). Both of them are in PKCS12 format. 2. Import the certificates to an existing database

Can import multiple certificates with same subject?

2018-01-30 Thread John Jiang
Hi, I'm using NSS 3.35. With my testing, it is not allowed to import multiple certificates with same subject and different nicknames to a certificate database via pk12util. I just want to confirm this point. Best regards, John Jiang -- dev-tech-crypto mailing list dev-tech-c

[TDB 45.8.0] Thunderbird rejects non-CA self-signed certificates for e-mail signature verification

2017-04-10 Thread NovHak
Dear forum readers, I use self-signed certificates. As long as it's not for a large public, trust can be achieved that way : the certificate is sent to a friend, its fingerprint is then verified via a secure (enough) channel such as a phone call, and that's fine. Hence I was

[TDB 45.8.0] Thunderbird doesn't accept non-CA self signed certificates for e-mail signature verification

2017-04-10 Thread NovHak
Dear forum readers, I use self-signed certificates. As long as it's not for a large public, trust can be achieved that way : the certificate is sent to a friend, its fingerprint is then verified via a secure (enough) channel such as a phone call, and that's fine. Hence I was

How are the private keys associated with the certificates in the NSS Database?

2016-06-17 Thread Opa114
Hi, can someone tell me more about some technical detail. I want to know how the private keys stored in the key3.db are associated / linked with the corresponding certificate stored in the cert8.db? I could not find any detail how that was implemented. Hope someone could give me more informat

Removing certificates and org.mozilla.jss.CryptoManager refresh

2016-05-30 Thread zalkindvova
Hope this is the right place to ask... I use org.mozilla.jss.CryptoManager to manage certificates and everything works fine. Now I want to remove one of the existing certificates from outside using the "certutil" command. At this point CryptoManager::findCertsByNickname method reco

How to get details on certificates?

2016-05-23 Thread RJT
On CentOS 6 and 7, I can get certutil to list the certificates via `certutil -L -d sql:${HOME}/.pki/nssdb` but I need the creation and expiration date time stamps and many other details of the certificate. How does one get detailed certificate information? I have many certificates that

Re: Root certificates bundled with Iceweasel/Firefox (Icecode/Thunderbird)?

2015-10-08 Thread helpcrypto helpcrypto
A SSL CA 3 with 08 70 BC C5 AF 3F DB 95 9A 91 CB 6A EE EF E4 65 > > > None of them seem to appear on: > https://mozillacaprogram.secure.force.com/CA/IncludedCACertificateReport > > Is this page up to date? > > Is there any place where I can check which certificates are bu

Root certificates bundled with Iceweasel/Firefox (Icecode/Thunderbird)?

2015-09-24 Thread helpcrypto helpcrypto
/IncludedCACertificateReport Is this page up to date? Is there any place where I can check which certificates are bundled? Any place to check which certificates were are added/removed on each version? (I guess release notes, but don't see it) Same applies for Thunderbird. Thanks

Re: Problems with FF and internal certificates

2015-05-04 Thread Robert Relyea
On 05/04/2015 10:09 AM, Brian Smith wrote: On Fri, May 1, 2015 at 9:11 AM, Tanvi Vyas wrote: On Apr 27, 2015, at 2:03 PM, Michael Peterson < michaelpeterson...@gmail.com> wrote: Now, in the album I posted above (https://imgur.com/a/dmMdG), the last two screenshots show a packet capture from

Re: Problems with FF and internal certificates

2015-05-04 Thread Brian Smith
On Fri, May 1, 2015 at 9:11 AM, Tanvi Vyas wrote: > > On Apr 27, 2015, at 2:03 PM, Michael Peterson < > michaelpeterson...@gmail.com> wrote: > > Now, in the album I posted above (https://imgur.com/a/dmMdG), the last > two screenshots show a packet capture from Wireshark. It appears that > Firefox

Re: Problems with FF and internal certificates

2015-05-04 Thread Hubert Kario
On Friday 01 May 2015 12:11:00 Tanvi Vyas wrote: > > On Apr 27, 2015, at 2:03 PM, Michael Peterson wrote: > > > > > > Firefox does not like our internal certificates. I'm trying to figure out > > why...> > > > > > > tl;dr - Our inte

Re: Problems with FF and internal certificates

2015-05-04 Thread Tanvi Vyas
Posting to mozilla-dev-tech-crypto instead. firefox-dev to bcc. > On Apr 27, 2015, at 2:03 PM, Michael Peterson > wrote: > > Firefox does not like our internal certificates. I'm trying to figure out > why... > > tl;dr - Our internal IIS servers, signed with

Re: FF 37 - ssl_error_no_cypher_overlap with java SSL and java generated self-signed certificates

2015-04-08 Thread Brian Smith
Gervase Markham wrote: > On 07/04/15 17:32, Hanno Böck wrote: >> Are you using DSA? Firefox removed DSA recently (which is good - almost >> nobody uses it and it's a quite fragile algorithm when it comes to >> random numbers). > > Hanno's probably hit the nail on the head here. > https://bugzilla.

Re: FF 37 - ssl_error_no_cypher_overlap with java SSL and java generated self-signed certificates

2015-04-08 Thread Gervase Markham
On 07/04/15 17:32, Hanno Böck wrote: > Are you using DSA? Firefox removed DSA recently (which is good - almost > nobody uses it and it's a quite fragile algorithm when it comes to > random numbers). Hanno's probably hit the nail on the head here. https://bugzilla.mozilla.org/show_bug.cgi?id=107386

Re: FF 37 - ssl_error_no_cypher_overlap with java SSL and java generated self-signed certificates

2015-04-07 Thread Hanno Böck
On Thu, 2 Apr 2015 14:06:32 -0700 (PDT) stefano.forn...@gmail.com wrote: > it seems the latest update to FF37 has broken some SSL functionality. > I am not able to access any more a java server running HTTPS. The > implementation is based on standard Java SSL and I generated the >

Re: FF 37 - ssl_error_no_cypher_overlap with java SSL and java generated self-signed certificates

2015-04-07 Thread Gervase Markham
makes? (We have a fallback connection if the first one fails; it might be useful to see if it's triggered.) > I am not able to access any more a java server running > HTTPS. The implementation is based on standard Java SSL and I Which version of Java? > generated the certifica

FF 37 - ssl_error_no_cypher_overlap with java SSL and java generated self-signed certificates

2015-04-02 Thread stefano . fornari
Hi All, it seems the latest update to FF37 has broken some SSL functionality. I am not able to access any more a java server running HTTPS. The implementation is based on standard Java SSL and I generated the certificates myself (being an internal server). It seems the problem is not in the

RE: Client auth only sending client certificate, not sending intermediate CA certificates

2015-03-03 Thread Jason Pyeron
e:x509ce:x509ce:x509ce:pkix1implicit:x509ce:x50 > 9sat:x509ce:x509sat:x] > > > > Secure Sockets Layer > > -TLSv1.2 Record Layer: Handshake Protocol: Multiple > Handshake Messages > > +TLSv1 Record Layer: Handshake Protocol: Multiple > Handshake Messages > >

Re: Client auth only sending client certificate, not sending intermediate CA certificates

2015-03-03 Thread David Keeler
ke Messages > +TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages > Content Type: Handshake (22) > -Version: TLS 1.2 (0x0303) > -Length: 1691 > + Version: TLS 1.0 (0x0301) > + Length: 3052 > Handshake Protocol: Certificate >

Client auth only sending client certificate, not sending intermediate CA certificates

2015-03-03 Thread Jason Pyeron
dshake (22) -Version: TLS 1.2 (0x0303) -Length: 1691 +Version: TLS 1.0 (0x0301) +Length: 3052 Handshake Protocol: Certificate Handshake Type: Certificate (11) -Length: 1289 - Certificates Length: 1286 - Certificates (

Re: Get only personal certificates

2015-01-19 Thread Opa114
(look at my attached screenshot: http://imgur.com/5VtcEpJ). or if this is not possible in any way i want an option to select only the personal certificates from the return of getPermCerts(). thanks for help.

Problem with loading certificates with JSS on Ubuntu.

2014-11-26 Thread alexrait
la/firefox/XXX.default) Running getCACerts on CryptoManager instance returns no certificates... While certutil tool does show the certificates. This is my code: CryptoManager.initialize("~/.mozilla/firefox/zk13jer0.default/"); CryptoManager cm = Crypt

Re: High CPU usage when accessing internal devices that do not have externally validated certificates

2014-10-06 Thread Frederik Braun
; file a bug under Core/Security:PSM ? > > On Thu, Oct 2, 2014 at 11:51 PM, Phil Davis wrote: > >> I am accessing pfSense router/s that have self-generated certificates so >> obviously they do not validate publicly. Prior to Firefox 31 I had the >> security warning and had

Re: High CPU usage when accessing internal devices that do not have externally validated certificates

2014-10-06 Thread Patrick McManus
Hi Phil, this is probably something the pkix team should look at. can you file a bug under Core/Security:PSM ? On Thu, Oct 2, 2014 at 11:51 PM, Phil Davis wrote: > I am accessing pfSense router/s that have self-generated certificates so > obviously they do not validate publicly. Pr

High CPU usage when accessing internal devices that do not have externally validated certificates

2014-10-05 Thread Phil Davis
I am accessing pfSense router/s that have self-generated certificates so obviously they do not validate publicly. Prior to Firefox 31 I had the security warning and had clicked through to add the certificate for a number of these routers on our internal networks. The list of certificates in

Re: creating SHA256 certificates with certutil

2014-09-09 Thread el...@gmail.com
You can specify with -Z sha256. See https://bugzilla.mozilla.org/show_bug.cgi?id=1058870 On Tue, Sep 9, 2014 at 8:21 AM, Rex Roof wrote: > Hi, I've been searching for documentation on this and I'm coming up short. > > I have created my own CA for our domain using moznss certutil on a redhat6 > m

creating SHA256 certificates with certutil

2014-09-09 Thread Rex Roof
Hi, I've been searching for documentation on this and I'm coming up short. I have created my own CA for our domain using moznss certutil on a redhat6 machine. I need to change my methods to start creating SHA256 certs (I'm sure you all know why) currently I use this command to create keys: certu

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread Robert Relyea
Third, you may need to hook the client_auth_callback as John describes below. If your server sends the list of trusted CA's in it's client auth request, then the default client_auth_callback should be able to find the cert on your smartcard without requiring the use of any special hooks, bu

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread Robert Relyea
On 06/21/2013 08:13 AM, John Dennis wrote: On 06/20/2013 01:20 PM, Johan Dahlin wrote: [Sorry if this appears twice, the first copy got stuck in the moderation queue] I'm investigating the use of smart card readers for my application[1], which is also free software. As part of the brazilian el

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread Johan Dahlin
I've been setting that as well, if I pass in a nickname nss says that the database is corrupted, so I'm passing in an empty string. I managed to get the password callback called as well, so there's some interaction with the pkcs11 device. Still seeing a 403 though. I've been trying to figure out

Re: Using libnss with client certificates via pkcs11

2013-06-21 Thread John Dennis
On 06/20/2013 01:20 PM, Johan Dahlin wrote: > [Sorry if this appears twice, the first copy got stuck in the moderation > queue] > > I'm investigating the use of smart card readers for my application[1], > which is also free software. > > As part of the Brazilian electronic legislation I need to b

Using libnss with client certificates via pkcs11

2013-06-20 Thread Johan Dahlin
[Sorry if this appears twice, the first copy got stuck in the moderation queue] I'm investigating the use of smart card readers for my application[1], which is also free software. As part of the Brazilian electronic legislation I need to be able to connect to a https server[2] and do a couple of s

Re: Root Certificates in Firefox OS (was Re: NSS in Firefox OS)

2013-04-19 Thread Brian Smith
Rob Stradling wrote: > > I presume that Firefox OS trusts NSS's "Built-in" Root Certificates > > [1], but what (if anything) does Firefox OS do for EV SSL? As you found, Firefox OS doesn't have an EV UI, and in fact I just disabled the EV validation logic in B2

Re: Root Certificates in Firefox OS (was Re: NSS in Firefox OS)

2013-04-19 Thread Rob Stradling
On 18/04/13 13:54, Rob Stradling wrote: On 20/10/12 18:33, Brian Smith wrote: B2G (Firefox OS) does use NSS. Brian, I presume that Firefox OS trusts NSS's "Built-in" Root Certificates [1], but what (if anything) does Firefox OS do for EV SSL? Does Firefox OS import PSM'

Root Certificates in Firefox OS (was Re: NSS in Firefox OS)

2013-04-18 Thread Rob Stradling
On 20/10/12 18:33, Brian Smith wrote: B2G (Firefox OS) does use NSS. Brian, I presume that Firefox OS trusts NSS's "Built-in" Root Certificates [1], but what (if anything) does Firefox OS do for EV SSL? Does Firefox OS import PSM's list of EV-enabled Root Certificate

Re: JSS: How to recover only certificates wich have an associated private key.

2013-04-10 Thread Jaime Hablutzel Egoavil
>> Hi all, > >> > >> I´m developing an applet with JSS 4, my intentions are to access > >> Firefox´s certs repositories and recover the user certificates, and > >> among them, only show to the user the certificates which have a > >> private

Re: Ensuring certificate chain when creating certificates in memory without db.

2013-02-10 Thread passfree
On Friday, February 8, 2013 9:08:50 PM UTC, Brian Smith wrote: > pass@googlemail.com > > > I use SSL_ConfigSecureServer with a certificate which was created in > > > memory (no db). The certificate was created with the > > > CERT_CreateCertificate passing the CA's issuer. The same cert was >

Re: Ensuring certificate chain when creating certificates in memory without db.

2013-02-08 Thread Brian Smith
passf...@googlemail.com > I use SSL_ConfigSecureServer with a certificate which was created in > memory (no db). The certificate was created with the > CERT_CreateCertificate passing the CA's issuer. The same cert was > also signed with the CA's key. The CA cert was also created on the > fly, i.e.

Ensuring certificate chain when creating certificates in memory without db.

2013-02-04 Thread passfree
Hi everyone, I use SSL_ConfigSecureServer with a certificate which was created in memory (no db). The certificate was created with the CERT_CreateCertificate passing the CA's issuer. The same cert was also signed with the CA's key. The CA cert was also created on the fly, i.e. without the need

How to find all certificates by subject name?

2012-06-03 Thread Sean Leonard
Hi all, What is the best way with NSS to find all certificates that have the same subject name? The function CERT_FindCertByName expresses the right general idea, but it only returns one certificate at maximum. Internally, it calls NSSCryptoContext_FindBestCertificateBySubject, which calls

Re: Serial Number on Certificates

2011-12-09 Thread mallapadi niranjan
On Mon, Nov 28, 2011 at 8:11 AM, mallapadi niranjan < niranjan.as...@gmail.com> wrote: > Hi all > > I would like to know how are serial numbers generated when creating certs > using certutil commands(without -m option). > And how do we track what serial numbers were given t

Serial Number on Certificates

2011-11-27 Thread mallapadi niranjan
Hi all I would like to know how are serial numbers generated when creating certs using certutil commands(without -m option). And how do we track what serial numbers were given to signed certificates ? Any documentation on the above subject would be helpful. Regards Niranjan

Re: Explicitly distrusted certificates in certdata.txt (NSS built-in root CA certificate list)

2011-10-11 Thread Ludwig Nussel
eople have written scripts to extract the trusted root CA > certificates from this file. Florian Weimer provided us with the > following examples: > https://atlaswww.hep.anl.gov/twiki/bin/view/UsAtlasTier3/FetchingCA-bundle > http://cblfs.cross-lfs.org/index.php/OpenSSL > http://

Re: Explicitly distrusted certificates in certdata.txt (NSS built-in root CA certificate list)

2011-10-11 Thread Gervase Markham
On 11/10/11 05:02, Nelson B Bolyard wrote: > I'd say it's going to be difficult for the typical scripting language to do > the recommended instructions. How about putting the distrusted certs and > their trust objects in a separate file in the CVS repository? What particularly do you think is dif

Re: Explicitly distrusted certificates in certdata.txt (NSS built-in root CA certificate list)

2011-10-10 Thread Nelson B Bolyard
ipts to extract the trusted root CA > certificates from this file. [...] > After the two CA break-in incidents this year, certdata.txt started to > contain several explicitly distrusted certificates. Scripts that > extract trusted root CA certificates from certdata.txt must now check >

Re: Explicitly distrusted certificates in certdata.txt (NSS built-in root CA certificate list)

2011-10-10 Thread Robert Relyea
e (which may not be a > CA) is explicitly distrusted. > > Note: I recommend that the scripts assert that these attributes only > have these three values, so that it can detect when this assumption is > no longer true. > > The scripts must exclude the certificates whose trust

Explicitly distrusted certificates in certdata.txt (NSS built-in root CA certificate list)

2011-10-10 Thread Wan-Teh Chang
certificates from this file. Florian Weimer provided us with the following examples: https://atlaswww.hep.anl.gov/twiki/bin/view/UsAtlasTier3/FetchingCA-bundle http://cblfs.cross-lfs.org/index.php/OpenSSL http://curl.haxx.se/docs/parse-certs.txt Originally certdata.txt contained only trusted root

Re: JSS SSLSocket problems choosing Client Certificates

2011-09-19 Thread Nelson B Bolyard
On 2011/09/07 09:38 PDT, praspa wrote: > > I'm trying to make two separate HTTPS requests to a remote host using two > client sockets and two different client certificates respectively (client > cert A and B). [...] > From my host, I'm able to make two connections on

JSS SSLSocket problems choosing Client Certificates

2011-09-09 Thread praspa
I'm trying to make two separate HTTPS requests to a remote host using two client sockets and two different client certificates respectively (client cert A and B). My test program is a modified version of: http://mxr.mozilla.org/mozilla/source/security/jss/org/mozilla/jss/ssl/SSLTest.java.

Re: CERT_PKIXVerifyCert does not recognize bogus certificates contained in nssckbi.dll

2011-04-07 Thread Joachim Lingner
On Thu, Apr 7, 2011 at 5:26 AM, Joachim Lingner wrote: Hi, I am testing NSS 3.9.12 with CKBI 1.82 on Windows. To verify that the bogus certificates are recognized as such I run vfychain. The certificates are exported from the Windows certificate store. Having vfychain use

Re: CERT_PKIXVerifyCert does not recognize bogus certificates contained in nssckbi.dll

2011-04-07 Thread Wan-Teh Chang
On Thu, Apr 7, 2011 at 5:26 AM, Joachim Lingner wrote: >  Hi, > > I am testing NSS 3.9.12 with CKBI 1.82 on Windows. To verify that the bogus > certificates are recognized as such I run vfychain. The certificates are > exported from the Windows certificate store. > >

CERT_PKIXVerifyCert does not recognize bogus certificates contained in nssckbi.dll

2011-04-07 Thread Joachim Lingner
Hi, I am testing NSS 3.9.12 with CKBI 1.82 on Windows. To verify that the bogus certificates are recognized as such I run vfychain. The certificates are exported from the Windows certificate store. Having vfychain use CERT_VerifyCertificate gives me this output [../nss/wntmsci12.pro/bin

Announcing a NSS release for Blocking Fraudulent Certificates

2011-03-23 Thread Kai Engert
This announcement is related to the same underlying issue as reported in http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/ While the above mentioned hotfix was made at the Mozilla client application level, we would like to provide a hotfix at the NSS level

Re: Known Issue? Looping CA Cross-Certificates not displayed as going to a Root CA

2011-03-07 Thread Brian Smith
Ridley wrote: > Presence both of a pair of cross-certificates in the Authorities > certificate store results looping rather than traversing to a root > certificate. See https://bugzilla.mozilla.org/show_bug.cgi?id=634074. - Brian

Known Issue? Looping CA Cross-Certificates not displayed as going to a Root CA

2011-03-06 Thread Ridley
Presence both of a pair of cross-certificates in the Authorities certificate store results looping rather than traversing to a root certificate. Although the looping appears to end in the 5th scrolled image [See link to gallery below], that is ending at a cross-certificate and not a root. It

Re: Encoding and comparing certificates with NSS

2011-02-01 Thread Ambroz Bizjak
On Feb 1, 12:45 am, Robert Relyea wrote: > If I were you, I'd double check my byte compare code in B. Try > connecting to A with one cert and to B with another and make sure it > fails. In our previous example, you clearly had a mangled version of > certificate C sent to be, but you indicated tha

Re: Encoding and comparing certificates with NSS

2011-01-31 Thread Robert Relyea
o these two certs identify the same subject", then you >> may need to do much more work. >> > Just byte-comparing seems right; I see no reason why system C would > want > to use different certificates for connecing to A and C. > > Thank you for your response. I think my

Re: Encoding and comparing certificates with NSS

2011-01-30 Thread Ambroz Bizjak
certs identical" > then comparing both from stem to stern is a very good way.  If you're > trying to ask "do these two certs identify the same subject", then you > may need to do much more work. > Just byte-comparing seems right; I see no reason why system C would want

Re: Encoding and comparing certificates with NSS

2011-01-30 Thread Nelson B Bolyard
On 2011-01-29 06:06 PDT, Ambroz Bizjak wrote: > Hello. I have a problem with NSS. Here's what I'm trying to achieve: [ If I may paraphrase, system C sends a cert to systems A and B. ] [ A forwards its copy to B. B must compare the two copies. ] > Here's how I encoded the certificate (on

Encoding and comparing certificates with NSS

2011-01-29 Thread Ambroz Bizjak
ing so, it must identify with the same client certificate as it did to A. So, I made A encode C's certificate to DER format and send it to system B, before ordering C to connect to B. Once C connects to B, B byte-compares the peer provided and the server provided certificates to make sure they

Accessing Server Certificates Read-Only with XUL / DOM / JS

2010-11-17 Thread georg
Hello, I'd like to be able to read the server certificate and the certificate chain that belongs to a page loaded via an HTTPS connection. Are there any bindings for that in JavaScript, XUL, or DOM so that I can easily do that in a Firefox extension? I read the respective APIs on MDC but didn't f

Re: problem Importing certificates in NSS db using Cert_importcerts -

2010-10-19 Thread Brian Smith
> I am using NSS on linux as a part of a bigger project. To implement > similar functionality on windows I used windows system APIs. If you > have any working example pl. share with me. That's OK. Post a complete, minimal program that runs on Linux.

Re: problem Importing certificates in NSS db using Cert_importcerts -

2010-10-19 Thread PeachUser
> Sent: Tuesday, October 19, 2010 8:06:33 AM > Subject: Re: problem Importing certificates in NSS db using Cert_importcerts - > > CAN Somebody please help me ??? > THanks > > On Oct 18, 12:32 pm, PeachUser wrote: > > I am implementing functionality  which needs to tak

Re: problem Importing certificates in NSS db using Cert_importcerts -

2010-10-19 Thread Brian Smith
Importing certificates in NSS db using Cert_importcerts - CAN Somebody please help me ??? THanks On Oct 18, 12:32 pm, PeachUser wrote: > I am implementing functionality  which needs to take trusted root > certs from user and use it to do SSl handshake. > I use CERT_ImportCert > I read a DER

Re: problem Importing certificates in NSS db using Cert_importcerts -

2010-10-19 Thread PeachUser
CAN Somebody please help me ??? THanks On Oct 18, 12:32 pm, PeachUser wrote: > I am implementing functionality  which needs to take trusted root > certs from user and use it to do SSl handshake. > I use CERT_ImportCert > I read a DER file get the data and length  , create  SECItem  and then > pas

problem Importing certificates in NSS db using Cert_importcerts -

2010-10-18 Thread PeachUser
I am implementing functionality which needs to take trusted root certs from user and use it to do SSl handshake. I use CERT_ImportCert I read a DER file get the data and length , create SECItem and then pass it to the CERt_importCerts. I am keeping both the "keepcerts" and "isCA" flags true.

Re: Thunderbird problem with the search for certificates in the S-TRUST trust list service

2010-06-10 Thread Nelson B Bolyard
On 2010-06-10 07:49 PDT, Jean-Marc Desperrier wrote: > Nelson B Bolyard wrote: >> Fame and Glory await.:-) > > Which means a mention in http://www.mozilla.org/credits/ or about:credits : >We would like to thank our contributors, whose efforts make this > software what it is. [...] >Any su

Re: Thunderbird problem with the search for certificates in the S-TRUST trust list service

2010-06-10 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: Fame and Glory await.:-) Which means a mention in http://www.mozilla.org/credits/ or about:credits : We would like to thank our contributors, whose efforts make this software what it is. [...] Any such contributors who wish to be added to the list should send mail

Re: Thunderbird problem with the search for certificates in the S-TRUST trust list service

2010-06-09 Thread Nelson B Bolyard
On 2010-06-09 05:18 PDT, the_flyingdutch wrote that when fetching certs from LDAP ... > [...] Thunderbird can evaluate maximum two certificates of the > email receiver, even if the email receiver owns more than two > certificates. This behaviour prevents that the encoding certificate i

Thunderbird problem with the search for certificates in the S-TRUST trust list service

2010-06-09 Thread the_flyingdutch
Dear crypto-group, below I wrote down our Technical cause analysis for Thunderbird problem with the search for certificates in the S-TRUST trust list service and will please you, to support us with this question: the analysis of the phenomenon has proved that the problem is caused client-sided

Re: automatically deleting expired certificates..

2010-05-19 Thread Robert Relyea
On 05/19/2010 02:51 PM, Bud P. Bruegger wrote: > Hello, I would like to ask your advice on how to best deal with a > problem related to deleting certificates/keys. > > I'm currently experimenting with creating short-lived certificates for > TLS-client-authentication using the

automatically deleting expired certificates..

2010-05-19 Thread Bud P. Bruegger
Hello, I would like to ask your advice on how to best deal with a problem related to deleting certificates/keys. I'm currently experimenting with creating short-lived certificates for TLS-client-authentication using the element. While it seems easy to create the keys/certs, I have

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-06 Thread M.Hunstock
Am 05.05.2010 21:28, schrieb Nelson B Bolyard: > Hopefully I've cleared that up with my explanation above. Yes you did. Thanks for the very verbose explanation. Matthias -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Classification of client certificates by NSS / Mozilla Firefox [SOLVED]

2010-05-05 Thread Nelson B Bolyard
use I assumed NSS looks for the values > in the X.509 certificate itself... NSS does look at values in the certificate, but searches for certificates are done based on attribute values.

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-05 Thread Nelson B Bolyard
On 2010/05/04 12:10 PDT, Robert Relyea wrote: > 2) almost all tokens mark the private key as private, and it's not even > findable if the token has not been logged in. As Honras and Nelson > pointed out, this is what makes a cert 'yours'. It's also used when > deciding if a cert is usable for cl

Re: Classification of client certificates by NSS / Mozilla Firefox [SOLVED]

2010-05-05 Thread M.Hunstock
On 05.05.2010 11:05, M.Hunstock wrote: > In the meanwhile it appears in the correct tab, but the trust chain > cannot be built. It says something like "this certificate could not be > verified for an unknown reason" (I have a localized version of FF). Well.. "if you do everything right, everthin

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-05 Thread M.Hunstock
Am 05.05.2010 12:03, schrieb Kaspar Brand: > Does the cert viewer not show any chain (under "Details"), or is it just > showing the "Could not verify this certificate for unknown reasons" > message on the "General" tab? It is the latter, on the "Details" tab in the chain field it shows just the

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-05 Thread Kaspar Brand
On 05.05.2010 11:05, M.Hunstock wrote: > In the meanwhile it appears in the correct tab, but the trust chain > cannot be built. It says something like "this certificate could not be > verified for an unknown reason" (I have a localized version of FF). Does the cert viewer not show any chain (under

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-05 Thread M.Hunstock
On 05.05.2010 08:59, Kaspar Brand wrote: > Does your cert / CKO_CERTIFICATE object lack a label? My application sets it to "null" (Java app), but even when I put something into that label.. there are strange results. I read the labels with pkcs11-tool from openSC, and it prints out something.

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-05 Thread M.Hunstock
On 04.05.2010 21:10, Robert Relyea wrote: > If the token is marked with the publically readable certs/friendly > flag, then NSS will not try to authenticate to it before looking up > certs and depend on the public key semantics to identify 'user' certs. > If your token does not have a public

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-05 Thread Kaspar Brand
On 04.05.2010 19:39, M.Hunstock wrote: > Is there some magic done with the labels, too? Does your cert / CKO_CERTIFICATE object lack a label? If so, I remember having seen a similar issue. The problem "starts" with this PSM code, most likely: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/s

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-04 Thread Robert Relyea
> That results in 2 questions from me: > > 1. What is the criteria of NSS for distinguishing between "own" and > "others" certificates? > > 2. I recently read that there is a hidden flag to mark a token > implementation as "friendly", allowing

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-04 Thread M.Hunstock
resume that the token does not possess > the corresponding private key. That seems true. Now the IDs are equal - and another problem arises. The certificate is now shown in the "Your certificates" tab, but something seems to be wrong with the labels. The certificate cannot be linked to t

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-04 Thread Nelson B Bolyard
oduces" cards, I have a strange effect when trying to use them. > > There is a PKCS#11 module for the tokens used, which loads and works > fine e.g. in Firefox. When a token is inserted, Firefox shows the > certificate on the token only in the "Other Persons" tab, but not in

Re: Classification of client certificates by NSS / Mozilla Firefox

2010-05-04 Thread Honza Bambas
On 5/4/2010 3:41 PM, M.Hunstock wrote: 1. What is the criteria of NSS for distinguishing between "own" and "others" certificates? This function [1] used from [2] should return true for your certificate. If there is a private key, then you should see it in the user tab

Classification of client certificates by NSS / Mozilla Firefox

2010-05-04 Thread M.Hunstock
is a PKCS#11 module for the tokens used, which loads and works fine e.g. in Firefox. When a token is inserted, Firefox shows the certificate on the token only in the "Other Persons" tab, but not in "Your certificates" although there is a matching keypair on the token and I manual

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

2010-04-09 Thread randrews
Kaspar is correct; the server is returning the wrong intermediate cert. You can see this by using VeriSign's Chain Checker at https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130 I'll have our support team contact the customer. Thanks for

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

2010-04-09 Thread Ulrich Boche
Kaspar Brand wrote on 09.04.2010 18:28: On 09.04.2010 15:35, Ulrich Boche wrote: According to Firefox, the complete certificate chain is: service.lbb.de VeriSign Class 3 Secure Server CA - G2 Builtin Object Token: Verisign Class 3 Public Primary Certification Authority - G2 The certificat

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

2010-04-09 Thread Kaspar Brand
On 09.04.2010 15:35, Ulrich Boche wrote: > According to Firefox, the complete certificate chain is: > > service.lbb.de > > VeriSign Class 3 Secure Server CA - G2 > > Builtin Object Token: Verisign Class 3 Public Primary Certification > Authority - G2 > > The certificate I listed is only the i

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

2010-04-09 Thread Ulrich Boche
Eddy Nigg wrote on 09.04.2010 15:14: On 04/09/2010 04:05 PM, Ulrich Boche: I'm not sure what the right newsgroup for this problem is. If I'm not at the right place here, please let me know. Apparently, the CA root certificates that are supplied with Firefox 3.6.3 are different

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

2010-04-09 Thread Eddy Nigg
On 04/09/2010 04:05 PM, Ulrich Boche: I'm not sure what the right newsgroup for this problem is. If I'm not at the right place here, please let me know. Apparently, the CA root certificates that are supplied with Firefox 3.6.3 are different from those that come with Thunderb

Re: Difference between Firefox and Thunderbird in Supplied Root Certificates

2010-04-09 Thread Eddy Nigg
On 04/09/2010 04:05 PM, Ulrich Boche: I'm not sure what the right newsgroup for this problem is. If I'm not at the right place here, please let me know. Apparently, the CA root certificates that are supplied with Firefox 3.6.3 are different from those that come with Thunderb

Difference between Firefox and Thunderbird in Supplied Root Certificates

2010-04-09 Thread Ulrich Boche
I'm not sure what the right newsgroup for this problem is. If I'm not at the right place here, please let me know. Apparently, the CA root certificates that are supplied with Firefox 3.6.3 are different from those that come with Thunderbird 3.0.4. The following CA certifi

Re: Domain-validated name-constrained CA certificates?

2010-04-07 Thread Matt McCutchen
ces, this is the same concern raised in the Problematic Practices for wildcard certificates, except that the name constraints allow multiple labels (i.e., dots): https://wiki.mozilla.org/CA:Problematic_Practices#Wildcard_DV_SSL_certificates Personally I'm not worried about this weak attempt to fo

Re: Domain-validated name-constrained CA certificates?

2010-04-07 Thread Nelson B Bolyard
On 2010-04-07 01:54 PST, Jean-Marc Desperrier wrote: > Matt McCutchen wrote: >> On Apr 6, 5:54 am, Jean-Marc Desperrier wrote: >>>> Matt McCutchen wrote: >>>>> > An extended key usage of "TLS Web Server Authentication" on the >>>>&
