Assuming that you have an X.509 certificate in either Base64 or DER 
format, you can use the nsIX509CertDB.importUserCertificate() method:
http://www.xulplanet.com/references/xpcomref/ifaces/nsIX509CertDB.html#method_importUserCertificate.
Notice that this method expects that the private key for the 
certificate is already in the certificate DB.

After importing the certificate, follow lines 330-333 of the 
following link to update the Certificate Manager GUI of Mozilla PSM:
http://lxr.mozilla.org/mozilla1.8.0/source/security/manager/pki/resources/content/certManager.js#329


Here is the link to the IDL file and C++ implementation of the 
importUserCertificate() method:
http://lxr.mozilla.org/mozilla1.8.0/source/security/manager/ssl/public/nsIX509CertDB.idl#187
http://lxr.mozilla.org/mozilla1.8.0/source/security/manager/ssl/src/nsNSSCertificateDB.cpp#805

BTW, if you also want to avoid using certutil, then you can try our 
KeyManager tool:
https://addons.mozilla.org/en-US/firefox/addon/4471

--
Subrata


[EMAIL PROTECTED] wrote:
> I'm having a tricky problem. What I am trying to do is to add an
> object signing certificate to the NSS database. This can be done using
> certutil, yes. But this is a xulapp that uses nsINSSCertCache, which I
> fear is causing problems.
>
> I need to know how to import object signing certificates to the
> database using nsIX509CertDB. Currently I am calling certdb directly,
> by creating a nsIProcess and calling the executable.
>
> This is not having the desired effect. The consequence is that the
> database changes the certificate from 'u,u,u' to ',,,' when doing a
> certutil -L. Which causes the certificate not to show up, and a host of
> other problems that can be only solved by deleting the profile.
>
> The only way I have managed to get it to work is by adding my
> certificate right after creating a certificate request, shutting down
> my xulapp, relaunching and re-adding the certificate, shutting down and
> relaunching again. Obviously, this is not very desirable for my users.
> I don't know why this particular set of steps fixes it, but it does.
>
>   
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
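
The import step described in the reply above, as an added example that is not part of the original post and not Mozilla's code: it accepts a certificate as PEM/Base64 text or DER bytes, checks that it decodes to an ASN.1 SEQUENCE, and passes the bytes to importUserCertificate(). The helper names (base64ToBytes, toDerBytes, importUserCert) are hypothetical, and passing null as the ctx argument is an assumption.

```javascript
// Added example, not code from the post or from Mozilla. In chrome-privileged
// XUL code, certdb would come from:
//   Components.classes["@mozilla.org/security/x509certdb;1"]
//     .getService(Components.interfaces.nsIX509CertDB)
var B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Decode Base64 text into an array of byte values (0-255).
function base64ToBytes(b64) {
  var bytes = [], acc = 0, bits = 0;
  for (var i = 0; i < b64.length; i++) {
    var ch = b64.charAt(i);
    if (ch === "=") break;                       // padding ends the data
    var v = B64.indexOf(ch);
    if (v < 0) throw new Error("invalid Base64 character: " + ch);
    acc = ((acc << 6) | v) & 0xffff;             // keep only the bits still needed
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((acc >> bits) & 0xff);
    }
  }
  return bytes;
}

// Accept PEM-armoured or bare Base64 text, or an array of DER bytes.
function toDerBytes(cert) {
  var bytes;
  if (typeof cert === "string") {
    var body = cert.replace(/-----(BEGIN|END) CERTIFICATE-----/g, "")
                   .replace(/\s+/g, "");
    bytes = base64ToBytes(body);
  } else {
    bytes = Array.prototype.slice.call(cert);
  }
  // A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
  if (bytes.length < 2 || bytes[0] !== 0x30) {
    throw new Error("not a DER-encoded certificate");
  }
  return bytes;
}

// certdb: an nsIX509CertDB, or a stand-in object with the same method.
function importUserCert(certdb, cert) {
  var der = toDerBytes(cert);
  // Per the post, the matching private key must already be in the
  // certificate DB; otherwise the import has no key to attach to.
  certdb.importUserCertificate(der, der.length, null); // null ctx: assumption
  return der.length;
}
```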
