Hey Guys,
I've got a problem help China Construction Bank(CCB for short) support
Firefox. CCB has its own CA root, used to issue certificate to his users,
and they issued some server cert using this cert. And they want to put their
CA Root certificate into Firefox, so that there will be no alert popup in
the certificate generate process and no security alert when users access
their website. And here comes the questions
1. Right now, we are trying to use certutil.exe in their USB-Key driver
installer to do that. However, one of my colleague seems to have some
problem build the certutil.exe in visual studio 2005. And sometimes, it
fails to run on some machine. I tried to find a stable version of that tool
through google, but I failed. Is there any stable version of certutil I can
download, that will work on most version of windows? Or why is it so hard to
build, is there some way to make it better?
2. Since the certutil.exe solution did not went very well, we think
maybe we could embed their CA cert in our Firefox China Edition. According
to my knowledge, at least half of the population in China are CCB bank
users, and cannot access online bank is our major problem in China, so we
think this make sense. We can make an addon to do that, but it occurred to
us that an addon is so open, that anyone that knows where it is can change
the cert, or do something else dangerous. So, is there a better way to put
the cert in? Maybe through a binary XPCOM is better?
3. Is it possible to put the bank's CA cert in firefox's default cert
db? So that we don't need to worry about security problems...
Thanks for your patience and Looking forward to your reply.
Amax
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
