Michael Ströder wrote:
Any list of fingerprints of the CA certs therein one could obtain
(out-of-band)? Going to all the CA's web sites will not be overly effective I
guess... :-/
We have SHA-1 fingerprints for a number of included roots on the
included page:
http://www.mozilla.org/projects/security/certs/included/
The underlying source for this is an XML file, so it should be
reasonably straightforward to parse.
The page above is not complete. However Kathleen Wilson is working on
doing a complete list of all roots included in NSS (and thus in Firefox,
et.al.):
http://www.mozilla.org/projects/security/certs/BuiltIn-CAs/
She did not include fingerprints in that list, but it sounds like a
reasonable thing to add. I suggest bringing this up in the discussion
thread about this:
http://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/791684fa7b490e96#
Also, like the list above this list is generated from an XML file.
Frank
--
Frank Hecker
hec...@mozillafoundation.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto