Re: How could I add a root certificate to firefox

Wed, 14 Apr 2010 05:59:06 -0700 

Hello there,

It's great to see this work progressing!
For technical questions about the behaviour of our crypto code, you are more likely to find help in the mozilla.dev.tech.crypto newsgroup than you are here in mozilla.dev.security. 

I suggest repeating your question there.

Cheers,

Johnathan

On 4/14/2010 5:22 AM, wei deng wrote:

  Hi,
     I am an engineer working in mozilla China, I'm going to provide a solution 
for Chinese banks which support IE only in China now.
     The problem I met is that:
     There are many vendors who supply smart-cards for banks, they have 
implemented the pkcs#11 modules(maybe implemented most parts of pkcs#11).There 
are two kinds of certificates in the smart-card, one for personals, and one for 
bank which should be added to the clients' trusted certificates list. We can 
add their pkcs#11 security module into the secmod.db which is done by an 
installer made by banks. So, when starting Fx, it loads all the security 
modules in the secmod.db and load certificates into certificates list through 
PKCS#11 APIs aotumatically. Then we can see the security modules in the Fx 
security devices list and the personal certificat in the certificates list.
     I am not familiar with the PKCS#11 APIs, maybe they did not implenment 
some, so Fx could not load the certificat for bank into the trusted 
certificates list.
     We can get the certificate for bank now, how to load it into Fx as root 
certificate by other programme, not automatically?

     I have read the file of "cert.h", there is a function prototype
  SECStatus CERT_ImportCerts(CERTCertDBHandle *certdb, SECCertUsage usage,  
unsigned int ncerts, SECItem **derCerts,
    CERTCertificate ***retCerts, PRBool keepCerts,  PRBool caOnly, char 
*nickname);

    Could I invoke it to solve the problem ?
    But the page https://developer.mozilla.org/en/NSS/Certificate_functions 
said the function is not available,I am very confused.

    Could you give me some advices?

    Best Wishes
         wdeng
         2010.04.13
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security

Reply via email to