Hey Guys, I've got a problem help China Construction Bank(CCB for short) support Firefox. CCB has its own CA root, used to issue certificate to his users, and they issued some server cert using this cert. And they want to put their CA Root certificate into Firefox, so that there will be no alert popup in the certificate generate process and no security alert when users access their website. And here comes the questions
1. Right now, we are trying to use certutil.exe in their USB-Key driver installer to do that. However, one of my colleague seems to have some problem build the certutil.exe in visual studio 2005. And sometimes, it fails to run on some machine. I tried to find a stable version of that tool through google, but I failed. Is there any stable version of certutil I can download, that will work on most version of windows? Or why is it so hard to build, is there some way to make it better? 2. Since the certutil.exe solution did not went very well, we think maybe we could embed their CA cert in our Firefox China Edition. According to my knowledge, at least half of the population in China are CCB bank users, and cannot access online bank is our major problem in China, so we think this make sense. We can make an addon to do that, but it occurred to us that an addon is so open, that anyone that knows where it is can change the cert, or do something else dangerous. So, is there a better way to put the cert in? Maybe through a binary XPCOM is better? 3. Is it possible to put the bank's CA cert in firefox's default cert db? So that we don't need to worry about security problems... Thanks for your patience and Looking forward to your reply. Amax
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto