Very good! I can write a little code to do that!
Thanx On Thu, Aug 25, 2011 at 05:24:14PM -0400, Crypto Sal wrote: > You typically import certs through the Firefox certificate manager found > via "Edit -> Preferences -> Adv. -> Encryption -> View Certificates". It > should be self explanatory from here. The only other question that > remains is which Root CA. That can only be done by reading the > certificate hierarchy that is presented by the bank's server, which it > should provide you upon making an s_client connection. > > > > On 08/25/2011 05:15 PM, t...@terralogic.net wrote: > > I know the theory. I'm also a programmer. I just never bothered to > > install a root cert before. But I do know how to make them. > > > > I'll dig around in FireFox and see where it is and how its done. > > > > As for the bank. We build it and they break it. Not my fault. > > > > > > On Thu, Aug 25, 2011 at 01:51:01PM -0700, Craig White wrote: > >> the answer lies with the people who wrote the software for the certificate > >> store since the whole point is trust. > >> > >> If users could manipulate the root certificate store, then it would be > >> impossible to trust anything. > >> > >> Generally, you can add certificates by double clicking them and choosing > >> the correct answer (where to store, how much to trust) > >> > >> You can open 'keychain access' on a Macintosh or use Windows MMC to delete > >> certificates. > >> > >> Banks are entirely sensitive to the issue of SSL and Certificates - they > >> have to be. If your computer doesn't automatically trust your bank's > >> certificates, then you either need to fix your computer or get a new bank. > >> > >> The real answer to your problem is this... If you can't trust the root > >> certificates that are part of your OS, then copy everything off the hard > >> drive and re-install a fresh copy of your OS. That is the only way you can > >> trust that your root certificates do what they are supposed to do. > >> > >> Craig > >> > >> On Aug 25, 2011, at 1:28 PM, t...@terralogic.net wrote: > >> > >>> I already know its my certificate store. I only asked how to load in > >>> their noew root cert > >>> > >>> On Thu, Aug 25, 2011 at 01:09:20PM -0700, Craig White wrote: > >>>> Go to an entirely different computer and try accessing - you will know > >>>> if it's your computer or their certificates. > >>>> > >>>> If it's your computer, it's either your browser or your OS Certificate > >>>> store (Windows and Macintosh use entirely different methods to > >>>> accomplish). > >>>> > >>>> Firefox uses it's own certificates... if it's Firefox on your > >>>> computer... uninstall it completely and re-install it. > >>>> > >>>> If it's Chrome, Safari or Internet Explorer, it uses the OS certificate > >>>> store and you will probably need to get the OS to update the Root > >>>> Certificates. > >>>> > >>>> This is all pretty much beyond what a user can manage but some users can > >>>> manage them, but this is the wrong list... it would be an OS problem. > >>>> > >>>> Craig > >>>> > >>>> On Aug 25, 2011, at 12:06 PM, t...@terralogic.net wrote: > >>>> > >>>>> TDWaterhouse In Canada. I'm in Calgary. THose idjots tell me to > >>>>> reboot my computer when their Apache servers in TO send me a > >>>>> misconfiguration message. I told them yesterday we build it and you > >>>>> break it. Something is desperatly wrong. > >>>>> > >>>>> > >>>>> On Thu, Aug 25, 2011 at 02:10:11PM -0400, Crypto Sal wrote: > >>>>>> Firefox has its own certificate store. It doesn't share > >>>>>> '/etc/ssl/certs'. > >>>>>> > >>>>>> If we had the bank URL, we would be able to better help you to resolve > >>>>>> this issue. > >>>>>> > >>>>>> > >>>>>> On 08/25/2011 01:45 PM, t...@terralogic.net wrote: > >>>>>>> I know you are trying to help. But it doesn't help me to defer to a > >>>>>>> package manager because I'm trying to fix what the last package > >>>>>>> managers screwed up. > >>>>>>> > >>>>>>> On Thu, Aug 25, 2011 at 04:09:44AM -0500, Michael S. Zick wrote: > >>>>>>>> On Wed August 24 2011, t...@terralogic.net wrote: > >>>>>>>> Top posting to a hijacked thread is not the way to get > >>>>>>>> a quick and useful reply. > >>>>>>>> Next time, start your own. Mailing list threads are cheap. > >>>>>>>> > >>>>>>>>> I see my bank has an invalid cert. Likely I have an old cert > >>>>>>>>> chain. I'm running Debian Linux and firefox. > >>>>>>>>> > >>>>>>>> Use anyone of the distribution provided package managers to download > >>>>>>>> and > >>>>>>>> install the most recently released package of certificates. > >>>>>>>> > >>>>>>>>> Can anyone tell me where to install a valid root cert? Like what > >>>>>>>>> directory? > >>>>>>>>> I would think the bank should be able to provide the root of the > >>>>>>>>> chain. > >>>>>>>>> I'll need to know SPECICALLY what to ask them for. > >>>>>>>>> > >>>>>>>> Asking the operator of the site you wish to authenticate for the > >>>>>>>> certificate > >>>>>>>> is similar to asking the Fox to guard your Chicken House. > >>>>>>>> > >>>>>>>> Get the root certificate from an "independent", trusted, source. > >>>>>>>> Using your distribution's package management will take care of that > >>>>>>>> concern. > >>>>>>>> > >>>>>>>>> I've created my own certs of course but just not recently. > >>>>>>>>> Also I never tried to install the CA cert for firefox. > >>>>>>>>> > >>>>>>>> Your distribution's package manager already has that handled. > >>>>>>>> All you have to do is use it. > >>>>>>>> > >>>>>>>> Mike > >>>>>>>> ______________________________________________________________________ > >>>>>>>> OpenSSL Project > >>>>>>>> http://www.openssl.org > >>>>>>>> User Support Mailing List > >>>>>>>> openssl-users@openssl.org > >>>>>>>> Automated List Manager > >>>>>>>> majord...@openssl.org > >>>>>>> ______________________________________________________________________ > >>>>>>> OpenSSL Project http://www.openssl.org > >>>>>>> User Support Mailing List openssl-users@openssl.org > >>>>>>> Automated List Manager majord...@openssl.org > >>>>>>> > >>>>>> ______________________________________________________________________ > >>>>>> OpenSSL Project http://www.openssl.org > >>>>>> User Support Mailing List openssl-users@openssl.org > >>>>>> Automated List Manager majord...@openssl.org > >>>>> ______________________________________________________________________ > >>>>> OpenSSL Project http://www.openssl.org > >>>>> User Support Mailing List openssl-users@openssl.org > >>>>> Automated List Manager majord...@openssl.org > >>>> -- > >>>> Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.wh...@ttiltd.com > >>>> 1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com > >>>> > >>>> Need help communicating between generations at work to achieve your > >>>> desired success? Let us help! > >>>> > >>>> ______________________________________________________________________ > >>>> OpenSSL Project http://www.openssl.org > >>>> User Support Mailing List openssl-users@openssl.org > >>>> Automated List Manager majord...@openssl.org > >>> ______________________________________________________________________ > >>> OpenSSL Project http://www.openssl.org > >>> User Support Mailing List openssl-users@openssl.org > >>> Automated List Manager majord...@openssl.org > >> -- > >> Craig White ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ craig.wh...@ttiltd.com > >> 1.800.869.6908 ~~~~~~~~~~~~~~~~~~~~~~~~~~~ www.ttiassessments.com > >> > >> Need help communicating between generations at work to achieve your > >> desired success? Let us help! > >> > >> ______________________________________________________________________ > >> OpenSSL Project http://www.openssl.org > >> User Support Mailing List openssl-users@openssl.org > >> Automated List Manager majord...@openssl.org > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org