I've seen various posts about people trying to export and import certificates from and to the NSS certificate store. I have some vague memories of questions asking whether or not platform specific cert stores could be used, but AFAIK there has been no real work done about this.
I'd like to know if anyone is actually working on this, or maybe even gotten some sort of solution?
The format Mozilla/NSS understands is pkcs#11. If you can get a pkcs#11 layer around your store, you're done.
There are some experiments around to build a pkcs#11 layer around Microsoft CAPI. Or turn a pkcs#11 module into Microsoft CAPI CSP.
I understand several large organizations face big problems with software that ships with their own certificate stores, and would like to use the platform store for everything.
I agree with that. It would be definitively better for Firefox to integrate with the OS's certificate store.
That means Microsoft CAPI under Windows, CDSA/CSSM for Mac OS X, but there's just nothing available under Linux. If the NSS store could be accessed from multiple processes (and if gecko based browsers could be compiled to use the system NSS instead of their own), it could fill that void easily.
_______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
