Re: certutil: How do I return the nickname of the "best" certificate in the NSS certificate database?

2020-09-14 Thread J.C. Jones
nitions of valid; and > - Matches the hostname provided either by using the subject or the > subjectAltName (with optional wildcards); and > - (to break ties) Has the longest validity. > > From what I can see certutil can’t do this. Is there an alternative tool I > should be usi

certutil: How do I return the nickname of the "best" certificate in the NSS certificate database?

2020-09-13 Thread Graham Leggett
wildcards); and - (to break ties) Has the longest validity. From what I can see certutil can’t do this. Is there an alternative tool I should be using? If no tool exists, is there a corresponding API call in the NSS API that will return a certificate (or certificates) as per the definition above

Certutil generating certificate request with "other" SAN

2016-11-22 Thread Daphne Briggs
or certreq.exe, they require you specify the data type of the value. However, certutil does not point out anything along those lines in their documentation. In OpenSSL, I would write something like this in the config file: SubjectAltName=otherName:1.3.6.1.4.1.311.20.2;UTF8:john@example.com Ce

[PATCH 2/3] Add PK11_GetTokenUri() and use it from certutil

2016-08-16 Thread David Woodhouse
From: David Woodhouse The result must be freed by calling P11URI_FreeString() --- cmd/certutil/certutil.c | 3 +++ lib/nss/nss.def | 1 + lib/pk11wrap/pk11pub.h | 2 ++ lib/pk11wrap/pk11slot.c | 18 ++ 4 files changed, 24 insertions(+) diff --git a/cmd/certutil

Re: creating SHA256 certificates with certutil

2014-09-09 Thread el...@gmail.com
You can specify with -Z sha256. See https://bugzilla.mozilla.org/show_bug.cgi?id=1058870 On Tue, Sep 9, 2014 at 8:21 AM, Rex Roof wrote: > Hi, I've been searching for documentation on this and I'm coming up short. > > I have created my own CA for our domain using moznss ce

creating SHA256 certificates with certutil

2014-09-09 Thread Rex Roof
Hi, I've been searching for documentation on this and I'm coming up short. I have created my own CA for our domain using moznss certutil on a redhat6 machine. I need to change my methods to start creating SHA256 certs (I'm sure you all know why) currently I use this command

Re: certutil - iPaddress SubjectAltName extension

2014-07-16 Thread Chris Newman
--On July 16, 2014 17:32:22 +0200 Kai Engert wrote: > On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote: >> Is there any documentation available for '--extSAN' parameter? Mr. >> Google did not find any helpful resource. > > Look at the help output tha

Re: certutil - iPaddress SubjectAltName extension

2014-07-16 Thread Kai Engert
On Mon, 2014-07-14 at 23:38 +0200, Bernhard Thalmayr wrote: > Is there any documentation available for '--extSAN' parameter? Mr. > Google did not find any helpful resource. Look at the help output that certutil produces with the -H command: --extSAN type:name[,type:name]...

Re: certutil - iPaddress SubjectAltName extension

2014-07-14 Thread Bernhard Thalmayr
0, Bernhard Thalmayr wrote: What is the reason, why certutil supports 'dNSName' GeneralNames for SubjectAltName but not 'iPAddress' (RFC 3270 section 4.2.1.7)? Do you refer to the command line parameters -7 and -8 ? I don't know why this subset was chosen in the past. However,

Re: certutil - iPaddress SubjectAltName extension

2014-07-14 Thread Kai Engert
On Mon, 2014-07-14 at 10:47 +0200, Bernhard Thalmayr wrote: > What is the reason, why certutil supports 'dNSName' GeneralNames for > SubjectAltName but not 'iPAddress' (RFC 3270 section 4.2.1.7)? Do you refer to the command line parameters -7 and -8 ? I don't kno

certutil - iPaddress SubjectAltName extension

2014-07-14 Thread Bernhard Thalmayr
Hi experts, although I'm pretty sure this has been asked before I could not find any pointers in the archive. What is the reason, why certutil supports 'dNSName' GeneralNames for SubjectAltName but not 'iPAddress' (RFC 3270 section 4.2.1.7)? Especially Directory Serve

Re: certutil adding certificate with extra attributes

2014-05-14 Thread Kai Engert
even though I did not provide this attribute while > adding it. The 'u' attribute means 'user owned', that certutil is able to see a private key along with the certificate. > This is creating problem for me - CA signed cert with > tomcat is not considered as the

Re: certutil adding certificate with extra attributes

2014-05-14 Thread radiatejava
Hello folks, Any update on this ? One of my customers is waiting on this. Daniel Veditz from dev-security asked me to contact this list. Hope someone can look into this. If required, I can repro this and show to someone who has developed certutil. Thanks. On Thu, May 8, 2014 at 7:03 PM

certutil adding certificate with extra attributes

2014-05-08 Thread radiatejava
01 CSCOcpm]# certutil -d /opt/CSCOcpm/appsrv/apache-tomcat-6.0.36/conf/nssdb/ -L ca-2 CT,C,C ca-3 CTu,Cu,Cu ca-7 CT,C,C www.cis

Re: Recent modutil/certutil builds?

2013-08-22 Thread helpcrypto helpcrypto
nvm, already built. btw, is normal "certutil -L -d " not to list/echo anything? On Thu, Aug 22, 2013 at 9:50 AM, helpcrypto helpcrypto wrote: > Hi. > > > Does anyone in here have a recently compiled version of modutil, certutil > and their dependencies, for windows

Recent modutil/certutil builds?

2013-08-22 Thread helpcrypto helpcrypto
Hi. Does anyone in here have a recently compiled version of modutil, certutil and their dependencies, for windows platform? (better if both: 32 bits and 64 bits). Just to save time and head hitting against the wall... Thanks in advance! -- dev-tech-crypto mailing list dev-tech-crypto

certutil: Unable to delete orphan key

2013-05-31 Thread Prax
bytes. I ran following command: certutil -K -d , it displayed entries which indicated that along with valid entries that match with certutil -L -d output, there were orphan keys in the db for examples: <584> dh bde64ed8d8ed868390e3133cccde75ef22e4c19f (orphan) Following note

Re: How to install and configure Firefox Database Certificate Authority Tool (Certutil)

2013-05-18 Thread P J P
- Original Message - > From: "kavithaggovindas...@gmail.com" > Subject: How to install and configure Firefox Database Certificate Authority > Tool (Certutil) > Now i want to log-in using the Certificate Authority Tool by passing public > and private key. Wh

How to install and configure Firefox Database Certificate Authority Tool (Certutil)

2013-05-18 Thread kavithaggovindasamy
I have a PHP based web application with log-in functionality. Now the log-in works with the help of SQLite database. Now I want to log-in using the Certificate Authority Tool by passing public and private key. I searched for this through Internet and I can't find any working example. Can any on

Re: certutil - Generate a new key.

2013-04-19 Thread helpcrypto helpcrypto
On Tue, Apr 16, 2013 at 8:01 PM, Robert Relyea wrote: > On 04/15/2013 02:34 PM, Matt Yakel wrote: > >> Hi all, Is the "certutil" a linux tool only? I am needing to deploy Local >> Security Certs to our work network (windows). >> > > No, it can be built fo

Re: certutil - Generate a new key.

2013-04-16 Thread Robert Relyea
On 04/15/2013 02:34 PM, Matt Yakel wrote: Hi all, Is the "certutil" a linux tool only? I am needing to deploy Local Security Certs to our work network (windows). No, it can be built for pretty much any NSS supported platform. We use it as part of the NSS tests. However, I know of

certutil - Generate a new key.

2013-04-16 Thread Matt Yakel
Hi all, Is the "certutil" a linux tool only? I am needing to deploy Local Security Certs to our work network (windows). I am trying to use the FirefoxADM to deploy the local user profile settings. I need to get our Office Trusted CA in the .cer form into the (cert8.db, key3.db, secmod

Re: Certutil - Generate new key

2013-04-10 Thread daniemarques
orted to a NSS database. > > > > > > Currently Using the following commands: > > > > > > certutil -R -d alias -f nssPasswordFile -s "sample-dn" -n "sample-dn" -k > > "rsa" -g 2048 -o cert.req -a -z noiseFile > > > > I think

Re: Certutil - Generate new key

2013-04-10 Thread Kai Engert
On Wed, 2013-04-10 at 11:36 -0700, daniemarq...@gmail.com wrote: > I'm trying to generate a Certificate Signing Request to be later signed by a > CA and imported to a NSS database. > > Currently Using the following commands: > > certutil -R -d alias -f nssPasswordFile -s

Certutil - Generate new key

2013-04-10 Thread daniemarques
Hi I'm trying to generate a Certificate Signing Request to be later signed by a CA and imported to a NSS database. Currently Using the following commands: certutil -R -d alias -f nssPasswordFile -s "sample-dn" -n "sample-dn" -k "rsa" -g 2048 -o cert.req -a

Compile NSS+JSS+modutil/certutil on Windows under mingw

2011-09-01 Thread helpcrypto helpcrypto
Checking https://developer.mozilla.org/jss_build_4.3.html I successfully compiled some time ago NSS+JSS+modutil/certutil for OSX 10.6.7 I reported in on wiki https://developer.mozilla.org/HOWTO_successfully_compile_JSS_and_NSS_for_32_and_64_bits_on_OSX_10.6_%2810.6.7%29 how I did it. This week i

Unable to export key from key database (certutil: problem listing keys: Unrecognized Object Identifier)

2011-04-04 Thread Hanno Böck
Hi, Maybe I'm getting something completely wrong, but I seem to be unable to extract a key from an nss database with certutil. Testcase: 1. I create an nss database: mkdir db certutil -N -d db 2. I create a root cert + key: certutil -d db -S -n "rootca" -t "C" -s "

Re: certutil -D corrupting NSS database...

2011-03-12 Thread Michael H. Warfield
with the name I specified in creating the .p12 file, I ended up > > with a cert in the database with the name of the E-Mail address in the > > cert. Not sure where that problem is (openssl or the pk12util import). > > But, I went to delete that certificate and that's when the fun

Re: certutil -D corrupting NSS database...

2011-02-12 Thread Nelson B Bolyard
enssl or the pk12util import). > But, I went to delete that certificate and that's when the fun begun. > "certutil -D -n postmas...@wittsend.com" ran without error but the cert > was still there. Run it again and you get this error: > > [root@romulus ipsec.d]#

{Filename?} Re: certutil -D corrupting NSS database...

2011-02-01 Thread Michael H. Warfield
> Can you make available to me the cert8.db file and the "nokey" p12 files > exactly as they were before you did the fateful certutil -D step? > If so, I'm interested in trying to track this down. Attached. Did two runs. Same p12 file. One with a cert8.db and one with a cert9

Re: certutil -D corrupting NSS database...

2011-01-30 Thread Nelson B Bolyard
Michael, Can you make available to me the cert8.db file and the "nokey" p12 files exactly as they were before you did the fateful certutil -D step? If so, I'm interested in trying to track this down. I have a test for you to try that *MAY* (or may not) prove to be a solution for

certutil -D corrupting NSS database...

2011-01-26 Thread Michael H. Warfield
rtificates have been imported directly using "certutil -A" since they don't have a private key. Everything was fine and someone on the Openswan list happen to ask why didn't I used pk12 for the peer certificate by using the -nokey option when creating them from openssl. So I trie

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: "Could not verify this certificate for unknown reasons"]

2010-10-29 Thread Matej Kurpel
irect the bug report accordingly. The report is that the crash is inside NSS's certutil, Nelson. Perhaps I have confused this Matej with another. I understood that Matej is developing his own PKCS#11 module, and his report is that NSS's certutil crashes when run with his non-NSS PKCS#

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: "Could not verify this certificate for unknown reasons"]

2010-10-29 Thread Nelson B Bolyard
bug report accordingly. > > The report is that the crash is inside NSS's certutil, Nelson. Perhaps I have confused this Matej with another. I understood that Matej is developing his own PKCS#11 module, and his report is that NSS's certutil crashes when run with his non-NSS PKCS#

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: "Could not verify this certificate for unknown reasons"]

2010-10-28 Thread Matej Kurpel
that the crash is inside NSS's certutil, Nelson. As Thunderbird with the same data doesn't crash, it doesn't seem to actually be in the library, but even just in a NSS tool, a crash is serious. I would like to file the bug if I had a way to actually obtain the stack trace. I gue

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: "Could not verify this certificate for unknown reasons"]

2010-10-28 Thread Jean-Marc Desperrier
Nelson B Bolyard wrote: Please don't file a bug without a stack trace showing the crash is in NSS. [...] If the back trace shows the crash is not in NSS, but in some other library, please direct the bug report accordingly. The report is that the crash is inside NSS's certutil, N

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-27 Thread Marsh Ray
On 10/27/2010 01:18 AM, Nelson B Bolyard wrote: Mandatory training for all residents of Washington State regarding the Principle of Least Astonishme I can only imagine how that conversation went: Developer: Hey boss! Architect: Yes, developer? Developer: All the critical system libraries h

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Nelson B Bolyard
On 2010-10-26 23:03 PDT, Kaspar Brand wrote: > Microsoft's directory naming might actually confuse you here. On a > 64-bit Windows system, %systemroot%\SysWOW64 has the *32*-bit DLLs, > while the 64-bit versions can be found under %systemroot%\system32. AAARRGGG! >> What do you suggest ?

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Kaspar Brand
On 26.10.2010 21:06, Marcio wrote: > 1.1) and when I try to add the module I get the error: 193 > modutil -add "New module" -libfile "C:\Windows\SysWOW64\aetpkss1.dll" - > dbdir . Microsoft's directory naming might actually confuse you here. On a 64-bit Windows system, %systemroot%\SysWOW64 has th

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: "Could not verify this certificate for unknown reasons"]

2010-10-26 Thread Nelson B Bolyard
ven if here it seems to only be a bug inside the certutil > tool, not inside the NSS library component themselves. Please don't file a bug without a stack trace showing the crash is in NSS. When your program crashes, it should create a file named "core" or "core" (where X

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Robert Relyea
On 10/26/2010 12:06 PM, Marcio wrote: > On 26 out, 14:41, Robert Relyea wrote: > >> On 10/26/2010 08:52 AM, Marcio wrote: >> >> >> >> >>> Hi there, >>> >> >>> Running certutil -U -d 'dir of

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Marcio
On 26 out, 14:41, Robert Relyea wrote: > On 10/26/2010 08:52 AM, Marcio wrote: > > > > > Hi there, > > > Running certutil -U -d 'dir of db on my profile' I can not see the > > token and slot with my certificate. > > > I´m using: > >

Re: certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Robert Relyea
On 10/26/2010 08:52 AM, Marcio wrote: > Hi there, > > Running certutil -U -d 'dir of db on my profile' I can not see the > token and slot with my certificate. > > I´m using: > > a) certutil (compiled as WIN954_64 with MSVC9 64) > b) SafeSign (aetpkss1.dll) (64

certutil generated with MSVC9 for Windows 64 bits doesn´t work with tokens

2010-10-26 Thread Marcio
Hi there, Running certutil -U -d 'dir of db on my profile' I can not see the token and slot with my certificate. I´m using: a) certutil (compiled as WIN954_64 with MSVC9 64) b) SafeSign (aetpkss1.dll) (64 bits) c) Gemplus Smart Card Reader d) Windows Vista 64 Ultimate but, usin

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: "Could not verify this certificate for unknown reasons"]

2010-10-26 Thread Jean-Marc Desperrier
llows all of 7-bit ASCII. For both, any character with the eighth bit set will be invalid. A crash when meeting invalid data is always a bug, especially for a security tool. Even if here it seems to only be a bug inside the certutil tool, not inside the NSS library component themselves. -- dev

Re: Invalide certificate encoding crashing certutil [Re: Thunderbird: "Could not verify this certificate for unknown reasons"]

2010-10-26 Thread Matej Kurpel
On 26. 10. 2010 10:43, Jean-Marc Desperrier wrote: Matej Kurpel wrote: In the Type field for S:, O:, OU: and CN: I always provided 0x0c which is utf-8 string, but in the certificate there was 0x13 - printable string. After I changed it - voila, it's working in Thunderbird, and certutil do

Invalide certificate encoding crashing certutil [Re: Thunderbird: "Could not verify this certificate for unknown reasons"]

2010-10-26 Thread Jean-Marc Desperrier
Matej Kurpel wrote: In the Type field for S:, O:, OU: and CN: I always provided 0x0c which is utf-8 string, but in the certificate there was 0x13 - printable string. After I changed it - voila, it's working in Thunderbird, and certutil doesn't crash anymore. It sounds like a serious

Re: certutil, nickname and serial number

2010-02-23 Thread Nelson B Bolyard
a certificate from each client (which he has > self-certified) on our Qpid broker machines using certutil. I'm not familiar with Qpid. Does it use NSS? certutil is very handy for maintaining databases used by NSS-based programs, but those databases are not terribly useful for programs that

certutil, nickname and serial number

2010-02-23 Thread Armin . Noll
using certutil. One question now was whether we could store two certificates of one client where - the validity period of both certificates overlap - the subject of the certificates are identical I tested it and found that this is possible, even with identical nicknames. I added the certificates wi

Re: Error 126 : NSS_Initialize Failed While adding certificate using certutil

2009-10-22 Thread Nelson B Bolyard
On 2009-10-20 21:11 PDT, ashwani saxena wrote: > The objective is to build latest NSS/ NSPR/c-SDK so that "certutil" > command can be used to create cert8.db file to add certificate into > that. I built the following modules using MozillaBuild 1.4 on Windows > platform.

Error 126 : NSS_Initialize Failed While adding certificate using certutil

2009-10-20 Thread ashwani saxena
Hi there, Just to give you a brief about. The objective is to build latest NSS/ NSPR/c-SDK so that "certutil" command can be used to create cert8.db file to add certificate into that. I built the following modules using MozillaBuild 1.4 on Windows platform. 1.Directory - c-sdk - moz

Error 126 : NSS_Initialize Failed While adding certificate using certutil

2009-10-20 Thread ashwani saxena
Hi there, Just to give you a brief about. The objective is to build latest NSS/ NSPR/c-SDK so that "certutil" command can be used to create cert8.db file to add certificate into that. I built the following modules using MozillaBuild 1.4 on Windows platform. 1.Directory - c-sdk - moz

Re: build just certutil

2009-09-24 Thread Wan-Teh Chang
On Thu, Sep 24, 2009 at 8:54 AM, Skellington wrote: > Hello, > I just came across a posting on certutil and what it can do. It's > something we really need in order to install our root ca's certs. > > What I'm not finding is, do I need to build the whole NSS or can I

Re: build just certutil

2009-09-24 Thread Nelson B Bolyard
On 2009-09-24 08:54 PDT, Skellington wrote: > Hello, > I just came across a posting on certutil and what it can do. It's > something we really need in order to install our root ca's certs. > > What I'm not finding is, do I need to build the whole NSS or can I > ju

build just certutil

2009-09-24 Thread Skellington
Hello, I just came across a posting on certutil and what it can do. It's something we really need in order to install our root ca's certs. What I'm not finding is, do I need to build the whole NSS or can I just build the certutil? Or, is there a binary distribution for Mac,

Re: Renaming cert on import (or using certutil)

2009-07-09 Thread Nelson B Bolyard
On 2009-07-08 22:37 PDT, Michael Kaply wrote: > I'm importing a code signing cert into my database using pk12util, but > it gets assigned a random alias: > > e33eb463-ddba-4895-9469-bfdd01c71fe2 That's a Microsoft Windows GUID. The most likely cause of this is that you exported the cert and pri

Re: Renaming cert on import (or using certutil)

2009-07-09 Thread Michael Kaply
change the nickname (I was working on one but got stuck backing up and restoring the trust bits...). Also, if you import a certificate that has the same DN as pre-existing certificate then no matter what nickname you assign with certutil (or the friendly name from PKCS#12) it will get the same nick

Re: Renaming cert on import (or using certutil)

2009-07-09 Thread David Stutzman
at nickname you assign with certutil (or the friendly name from PKCS#12) it will get the same nickname as pre-existing certificate. On to renaming...When you import a PKCS#12 file, NSS normally will use the "friendly name" attribute of the cert/key as the nickname. I'm gu

Renaming cert on import (or using certutil)

2009-07-08 Thread Michael Kaply
I'm importing a code signing cert into my database using pk12util, but it gets assigned a random alias: e33eb463-ddba-4895-9469-bfdd01c71fe2 Is there a way via the command line utilities to rename that to a more human name? I'm sure I did this in the past, but I can't find anything in the do

Re: a minor nit-pick with certutil

2009-05-16 Thread kashyap
On Sat, May 16, 2009 at 4:23 AM, Nelson B Bolyard wrote: > kashyap wrote, On 2009-05-15 00:57: > > Hi, > > > > *-W* option(to change password of the key database) is not listed when > > we do a certutil -H. > > > > But the functionality do wor

Re: a minor nit-pick with certutil

2009-05-15 Thread Nelson B Bolyard
kashyap wrote, On 2009-05-15 00:57: > Hi, > > *-W* option(to change password of the key database) is not listed when > we do a certutil -H. > > But the functionality does work fine, if we try to change an existing > password of the nss key database by using > *certutil -

a minor nit-pick with certutil

2009-05-15 Thread kashyap
Hi, *-W* option(to change password of the key database) is not listed when we do a certutil -H. But the functionality does work fine, if we try to change an existing password of the nss key database by using *certutil -W -d /home/user/.mozilla/firefox/xx.default/* I observed this on version

Re: Importing certificates using certutil

2009-05-01 Thread Nelson B Bolyard
hawkinsconsult...@googlemail.com wrote, On 2009-05-01 00:25: > I am having a problem importing a certificate. I am using the > following commands > /blah/certutil -D -n "s1as" -d . > /blah/certutil -A -n "s1as" -t "u,u,u" -d . -i /tmp/blah.cer >

Importing certificates using certutil

2009-05-01 Thread hawkinsconsulting
I am having a problem importing a certificate. I am using the following commands /blah/certutil -D -n "s1as" -d . /blah/certutil -A -n "s1as" -t "u,u,u" -d . -i /tmp/blah.cer The problem is that it will not import the certificate with the trustargs u,u,u when I do a

Re: newbie problems with certutil and signtool

2009-02-06 Thread David Tiertant
This could be the release folder...I'll give it a try. Nelson B Bolyard wrote: David Tiertant wrote, On 2009-02-05 07:52: Interestingly enough, when I tried to include -d, signtool refused to do anything other than spit out its syntax help. The process runs when removing -d. It ends in an err

Re: newbie problems with certutil and signtool

2009-02-06 Thread David Tiertant
C wanted, even though FF does not require them. Perhaps the customers who are paying for that software should request that it be brought up to date. This request is officially in! Unfortunately, the process is hardly automatic. InstallShield Support tells me to download NSS, NSPR and extract the pa

Re: newbie problems with certutil and signtool

2009-02-05 Thread Nelson B Bolyard
are paying for that software should request that it be brought up to date. > Unfortunately, the process is hardly automatic. InstallShield Support > tells me to download NSS, NSPR and extract the packages to the working > directory (Netscape Certificate Path in the last screenshot) and

Re: newbie problems with certutil and signtool

2009-02-05 Thread Nelson B Bolyard
David Tiertant wrote, On 2009-02-05 07:52: > Interestingly enough, when I tried to include -d, signtool refused to do > anything other than spit out its syntax help. The process runs when > removing -d. It ends in an error (as you stated, probably related to > trust flags), but it runs. Could th

Re: newbie problems with certutil and signtool

2009-02-05 Thread David Tiertant
And now... http://david.tiertant.com/installshield/007.jpg This shows that I have to create the DBs using certutil -N -d . first or I get the security authorization error when attempting to create the certificate. So I delete the DBs, create new empty ones, then create a certificate using

Re: newbie problems with certutil and signtool

2009-02-05 Thread David Tiertant
Interestingly enough, when I tried to include -d, signtool refused to do anything other than spit out its syntax help. The process runs when removing -d. It ends in an error (as you stated, probably related to trust flags), but it runs. Could this be a bug in signtool? This is shown below. ht

Re: newbie problems with certutil and signtool

2009-02-05 Thread David Tiertant
ething is wrong with my settings and I'm having some difficulty getting the certificate created manually, using certutil and signtool. I'm using NSS 3.6 because the InstallShield setup will look for cert7.db instead of cert8.db. Newer versions of NSS create a cert8.db. I don't know whi

Re: newbie problems with certutil and signtool

2009-02-05 Thread David Tiertant
and extract the packages to the working directory (Netscape Certificate Path in the last screenshot) and certutil and signtool will build the certificate in the same directory. All I should have to do is specify basic info in these 3 Netscape fields in InstallShield. InstallShield should take ca

Re: newbie problems with certutil and signtool

2009-02-04 Thread Kyle Hamilton
ate a web installer for one of our >> software packages. The installer for IE builds fine, but Firefox >> requires a Netscape certificate. InstallShield is supposed to build this >> automatically, but something is wrong with my settings and I'm having >> some difficulty

Re: newbie problems with certutil and signtool

2009-02-04 Thread Nelson B Bolyard
but something is wrong with my settings and I'm having > some difficulty getting the certificate created manually, using certutil > and signtool. > I'm using NSS 3.6 because the InstallShield setup will look for cert7.db > instead of cert8.db. Newer versions of NSS c

Re: newbie problems with certutil and signtool

2009-02-03 Thread David Tiertant
tings and I'm having some difficulty getting the certificate created manually, using certutil and signtool. - I'm running Windows XP - I've downloaded NSS 3.6 and NSPR 4.6 from ftp.mozilla.org - I've copied the files from these packages to my working directory, C:\Program

Re: newbie problems with certutil and signtool

2009-02-03 Thread David Tiertant
build this automatically, but something is wrong with my settings and I'm having some difficulty getting the certificate created manually, using certutil and signtool. - I'm running Windows XP - I've downloaded NSS 3.6 and NSPR 4.6 from ftp.mozilla.org - I've copied the files

newbie problems with certutil and signtool

2009-02-03 Thread David Tiertant
ving some difficulty getting the certificate created manually, using certutil and signtool. - I'm running Windows XP - I've downloaded NSS 3.6 and NSPR 4.6 from ftp.mozilla.org - I've copied the files from these packages to my working directory, C:\Program Files\InstallShield\2009\S

Re: where does certutil put a cert's private keys?

2008-12-04 Thread David Stutzman
file othercerts.pem then to import to NSS, this is usually enough: pk12util -i file.p12 -d [cert/key db location] then list the contents of your DB: certutil -L -d [cert/key db location] if you see 3 u's after the nickname then you did it right and the cert AND key are there:

Re: where does certutil put a cert's private keys?

2008-12-03 Thread Arshad Noor
I must apologize; I was in error about keytool being able to export a P12 file out of the JCE keystore - this cannot be done by keytool yet - you can only import P12's in JDK6. However, if you're still interested in keytool for generating keys and certs, "keytool -help" or "man keytool" provide a

Re: where does certutil put a cert's private keys?

2008-12-03 Thread fat.fuck
On 2 Dec, 22:11, Arshad Noor <[EMAIL PROTECTED]> wrote: > I've never had to use ClientAuth with Sun's Directory Server, > but here are some observations: > > 1) Keys are *never* stored in certN.db; they're always in keyN.db; >     only certificates are in certN.db.  The association between the >  

Re: where does certutil put a cert's private keys?

2008-12-02 Thread Nelson Bolyard
ff wrote: > i remembered what documentation instructed me to use $HOME/.netscape/ > cert7.db. it was sun's "Sun ONE Server Console 5.2 Server Management > Guide". the chapter on "Using SSL and TLS with Sun ONE Servers": > > http://docs.sun.com/source/816-6704-10/ssl.html#22531 > > "Copy the Ne

Re: where does certutil put a cert's private keys?

2008-12-02 Thread fat.fuck
On Dec 3, 1:21 am, "fat.fuck" <[EMAIL PROTECTED]> wrote: > On 3 Dec, 00:29, Eddy Nigg <[EMAIL PROTECTED]> wrote: > > > > > On 12/03/2008 02:20 AM, fat.fuck: > > > > i didn't explicitly supply the certs' private key file location to

Re: where does certutil put a cert's private keys?

2008-12-02 Thread Nelson Bolyard
fat.fuck wrote: > first off: i am but a humble java programmer by trade; not a sysadmin; > nor a network guy. so a lot of nss tool-related stuff is a foreign > language to me. please, help a certutil rookie make sense of the > world? Welcome. > using openssl, i created a self

Re: where does certutil put a cert's private keys?

2008-12-02 Thread fat.fuck
On 3 Dec, 00:29, Eddy Nigg <[EMAIL PROTECTED]> wrote: > On 12/03/2008 02:20 AM, fat.fuck: > > > > > i didn't explicitly supply the certs' private key file location to > > the certutil command line when i added the certs to cert7.db > > (although,

Re: where does certutil put a cert's private keys?

2008-12-02 Thread Eddy Nigg
On 12/03/2008 02:20 AM, fat.fuck: i didn't explicitly supply the certs' private key file location to the certutil command line when i added the certs to cert7.db (although, the private key .pem files were in fact in the same directory as the .pem cert files when i ran the certut

Re: where does certutil put a cert's private keys?

2008-12-02 Thread fat.fuck
so a lot of nss tool-related stuff is a foreign > >> language to me. please, help a certutil rookie make sense of the > >> world? > > >> i'm experimenting with using client authn between a command-line > >> ldapsearch client (for this experiment, the one tha

Re: where does certutil put a cert's private keys?

2008-12-02 Thread Rich Megginson
fat.fuck wrote: On Dec 2, 8:59 pm, "fat.fuck" <[EMAIL PROTECTED]> wrote: first off: i am but a humble java programmer by trade; not a sysadmin; nor a network guy. so a lot of nss tool-related stuff is a foreign language to me. please, help a certutil rookie make sense of

Re: where does certutil put a cert's private keys?

2008-12-02 Thread Arshad Noor
I've never had to use ClientAuth with Sun's Directory Server, but here are some observations: 1) Keys are *never* stored in certN.db; they're always in keyN.db; only certificates are in certN.db. The association between the key and the cert is made via the cert's nickname (in your case:

Re: where does certutil put a cert's private keys?

2008-12-02 Thread fat.fuck
On Dec 2, 8:59 pm, "fat.fuck" <[EMAIL PROTECTED]> wrote: > first off: i am but a humble java programmer by trade; not a sysadmin; > nor a network guy. so a lot of nss tool-related stuff is a foreign > language to me. please, help a certutil rookie make sense of the >

where does certutil put a cert's private keys?

2008-12-02 Thread fat.fuck
first off: i am but a humble java programmer by trade; not a sysadmin; nor a network guy. so a lot of nss tool-related stuff is a foreign language to me. please, help a certutil rookie make sense of the world? i'm experimenting with using client authn between a command-line ldapsearch c

Re: certutil or PKI for NSS 3.11.9

2008-06-24 Thread Arshad Noor
I will defer to your experience in the war-stories you've heard, Nelson. You've certainly seen a lot more people do stupid things in this area than I have, I'm sure. I tend to get involved only when people want to do PKI the right way :-). I am a strong believer that educating the general masses

Re: certutil or PKI for NSS 3.11.9

2008-06-24 Thread Nelson B Bolyard
Arshad Noor wrote, On 2008-06-23 15:58: > Nelson, > > I think you may want to qualify your message in this paragraph, so as > to not mislead people who don't understand PKI very well. Arshad: I want people who don't understand PKI very well to get one message, loud and clear: Don't try to make

Re: certutil or PKI for NSS 3.11.9

2008-06-23 Thread Arshad Noor
ainst the use of certutil (or any tool that produces self-signed > certificates) for certificate issuance in production environments. The > page is explaining how to setup a very small scale CA using certutil for > use in very small scale test environments. The warning is intended to be > &q

Re: certutil or PKI for NSS 3.11.9

2008-06-23 Thread Nelson B Bolyard
.db and key3.db files that > will trust the certificate of the LDAP server. In my development > environment, certutil and pk12util do that quite nicely. But some > customers may prefer to use a full-scale PKI instead in their production > environments. > > Also, in

certutil or PKI for NSS 3.11.9

2008-06-23 Thread Dennis Darch
LDAP server. In my development environment, certutil and pk12util do that quite nicely. But some customers may prefer to use a full-scale PKI instead in their production environments. Also, in the NSS documentation at http://www.mozilla.org/projects/security/pki/nss/ref/ssl/gtstd.html#1011987 I

Re: Question about the usage of certutil documented in Red Hat Directory Server Admin Guide

2008-04-10 Thread beyonddc
aahh that's exactly what I thought. I was suspecting step 5 is a no-op! Thanks for your confirmation! I also learned something new too. I didn't know you can use certutil to export a certificate to pem format. Thanks! On Apr 10, 12:50 am, Nelson Bolyard <[EMAIL PROT

Re: Question about the usage of certutil documented in Red Hat Directory Server Admin Guide

2008-04-09 Thread Nelson Bolyard
beyonddc wrote, On 2008-04-09 09:43: > Hi group, > > I have some questions about certutil. > > When you create an individual certificate and add it to a certificate > database with the "-S" command, does it also generate a key pair for > you? Yes. > I'

Question about the usage of certutil documented in Red Hat Directory Server Admin Guide

2008-04-09 Thread beyonddc
Hi group, I have some questions about certutil. When you create an individual certificate and add it to a certificate database with the "-S" command, does it also generate a key pair for you? I'm following the instruction in "Red Hat Directory Server 7.1 Administrator Guide

Re: run certutil in java

2008-02-04 Thread Ron Lu
Hi Dave, thank you for your help. I solved the problem by retyping the command. I don't know why, but it works now. And i currently work on the alternative solution with JSS. ron Dave wrote: > Ron Lu wrote: > > Hi, > > i tried to use the method exec from the Class Run

Re: run certutil in java

2008-02-04 Thread David Stutzman
Ron Lu wrote: > Hi, > i tried to use the method exec from the Class Runtime to run certutil in > java. The function of listing all certificates in a certain db(-L -d C:\test) > works well. However, i cannot add any cert to the db, although it works when > i do this from the com
