Re: CERT advisory CA-2003-26: Vulnerability in SSL

2004-02-02 Thread Jean-Marc Desperrier
Nelson B wrote:
> The above comment was intended to mean (I believe) that you will be
> prompted for the SAME password rather more frequently than in non-FIPS
> mode.

Too bad. I know some people who would find it an interesting feature to
have one password per key.
Maybe this could be done by creating one token per key, but it's more of a
hack and maybe not manageable.
___
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto


Getting a cert7.db format file from modern tools? What format for importing root CA into Netscape 7?

2004-02-02 Thread Mark Thacker
Hi all,
Newbie question here similar to what someone else asked way back in 
October around client side support for cert7.db formatted files.  To add 
another trick, I am running in a situation where I will use a 
self-signed cert and self-signed Root CA for a demo domain that I have.

I have an application (OK, it's the Solaris 9 SSL-enabled Native LDAP 
client for native OS authentication) that requires a copy of the 
server's root CA and server's SSL cert via the following three files:
cert7.db, key3.db and secmod.db .

All 'current' NSS and NSPR releases (3.7.x at least and above) only 
issue cert8.db files.

So, two questions please:
 * Is it possible to convert a cert8.db into a cert7.db, or at least
extract what I need out of it?
 * What version of NSS (and NSPR) is needed to generate cert7.db
formatted files?

Also, indeed older versions of Netscape generate these files as well, 
but how do you get the root CA into the browser's list?

 * Do you use 'certutil -A' with a copy of an existing cert7.db file, 
or can you import the root CA from disk if it's in the correct format 
(which format? PKCS #12, DER or what?)

Thanks!
Please reply ASAP and CC my E-mail address.
Mark Thacker
[EMAIL PROTECTED]


Re: Getting a cert7.db format file from modern tools? What format for importing root CA into Netscape 7?

2004-02-02 Thread Julien Pierre
Mark,

Mark Thacker wrote:

> So, two questions please:
>  * Is it possible to convert a cert8.db into a cert7.db, or at least
> extract what I need out of it?

No program exists to do that, only in the other direction.

>  * What version of NSS (and NSPR) is needed to generate cert7.db
> formatted files?

NSS 3.6 or earlier will read/write cert7.db databases.

> Also, indeed older versions of Netscape generate these files as well,
> but how do you get the root CA into the browser's list?

You can load the file as a .DER or .CER file, and the browser will
prompt you for trust settings. Most independent CAs will provide you
with an HTTP link you can click to add their root CA to your browser.

>  * Do you use 'certutil -A' with a copy of an existing cert7.db file,

Yes, that would be one way to do it.

> can you import the root CA from disk if it's in the correct format
> (which format? PKCS #12, DER or what?)

DER format.
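
The thread's answer is that the root CA has to be a DER-encoded certificate, not a PKCS #12 file. As an added example (not code from any poster or from NSS), the Python below tells PEM, DER and PKCS #12 apart by their outer ASN.1 structure, normalizes PEM to DER, and returns a SHA-256 fingerprint to compare out of band before trusting a self-signed root. The function names and the stub inputs are constructed for illustration, and the check is structural only, not certificate validation.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def der_header(blob):
    """Return (tag, header_len, content_len) of the first DER TLV, or None."""
    if len(blob) < 2:
        return None
    tag, first = blob[0], blob[1]
    if first < 0x80:                      # short form: length fits in one byte
        return tag, 2, first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(blob) < 2 + n:
        return None                       # indefinite or oversized length is not DER
    return tag, 2 + n, int.from_bytes(blob[2:2 + n], "big")

def classify(blob):
    """Classify file bytes as 'pem-cert', 'der-cert', 'pkcs12' or 'unknown'."""
    if PEM_RE.search(blob):
        return "pem-cert"
    outer = der_header(blob)
    if outer is None or outer[0] != 0x30 or outer[1] + outer[2] != len(blob):
        return "unknown"                  # must be one SEQUENCE spanning the file
    body = blob[outer[1]:]
    inner = der_header(body)
    if inner and inner[0] == 0x30:        # Certificate starts with tbsCertificate SEQUENCE
        return "der-cert"
    if inner and inner[0] == 0x02 and body[inner[1]:inner[1] + inner[2]] == b"\x03":
        return "pkcs12"                   # PFX starts with version INTEGER 3
    return "unknown"

def to_der(blob):
    """Return (der_bytes, sha256_hex) for a PEM or DER certificate; raise otherwise."""
    kind = classify(blob)
    if kind == "pem-cert":
        blob = base64.b64decode(PEM_RE.search(blob).group(1))
        kind = classify(blob)
    if kind != "der-cert":
        raise ValueError("not an X.509 certificate: " + kind)
    return blob, hashlib.sha256(blob).hexdigest()

# Constructed sample inputs: correctly shaped stubs, not real certificates.
FAKE_CERT = bytes([0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x02])
FAKE_PFX = bytes([0x30, 0x05, 0x02, 0x01, 0x03, 0x30, 0x00])
FAKE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(FAKE_CERT)
            + b"\n-----END CERTIFICATE-----\n")
```

The bytes returned by `to_der` are what would be written to the file handed to `certutil -A` or loaded into the browser.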