Ray,
Ray Charbonneau wrote:
We run our own Netscape CA, and have included the appropriate certs in
our Netscape 4.7x installation package. These certificates appear in
the Mozilla Certificate Manager when I upgrade a profile from Netscape
to Mozilla.
How can I include these certs in new profiles created with Mozilla?
Where is the default cert#.db stored, and how can I update (or replace) it?
There is no default cert DB.
The certs are stored in a PKCS#11 module called the built-in module.
See mozilla/security/nss/lib/ckfw/builtins . The library makes the certs
available, as well as the default trust.
You could distribute your certs by modifying that library, or creating
your own copy containing only your corporate cert and its trust.
It is probably simpler to chain your corporate CA to a known root, however.