Ray, Ray Charbonneau wrote:
We run our own Netscape CA, and have included the appropriate certs in our Netscape 4.7x installation package. These certificates appear in the Mozilla Certificate Manager when I upgrade a profile from Netscape to Mozilla.There is no default cert DB.
How can I include these certs in new profiles created with Mozilla? Where is the default cert#.db stored, and how can I update (or replace) it?
The certs are stored in a PKCS#11 module called the built-in module.
See mozilla/security/nss/lib/ckfw/builtins . The library makes the certs available, as well as the default trust.
You could distribute your certs by modifying that library, or creating your own copy containing only your corporate cert and its trust.
It is probably simpler to chain your corporate CA to a known root, however.
