Include corporate CA certs in Mozilla distribution

[Ray Charbonneau]

We run our own Netscape CA, and have included the appropriate certs in 
our Netscape 4.7x installation package.  These certificates appear in 
the Mozilla Certificate Manager when I upgrade a profile from Netscape 
to Mozilla.

How can I include these certs in new profiles created with Mozilla? 
Where is the default cert#.db stored, and how can I update (or replace) it?
--
Thanks,
Ray Charbonneau
R107 - Enterprise Desktop Solutions
The MITRE Corporation

Re: Include corporate CA certs in Mozilla distribution

[Julien Pierre]

Ray,

Ray Charbonneau wrote:

We run our own Netscape CA, and have included the appropriate certs in 
our Netscape 4.7x installation package.  These certificates appear in 
the Mozilla Certificate Manager when I upgrade a profile from Netscape 
to Mozilla.

How can I include these certs in new profiles created with Mozilla? 
Where is the default cert#.db stored, and how can I update (or replace) it?

There is no default cert DB.
The certs are stored in a PKCS#11 module called the built-in module.
See mozilla/security/nss/lib/ckfw/builtins . The library makes the certs 
available, as well as the default trust.
You could distribute your certs by modifying that library, or creating 
your own copy containing only your corporate cert and its trust.
It is probably simpler to chain your corporate CA to a known root, however.