indeed, in the thread youm mentioned below, "tmountjr" seems to have the same needs as mine -> pushing a cert8.db containing our own CA to users, but although he "succeeded", I'm sorry , but I did not understand clearly how it could be done, tmountjr further details greatly appreciated ...
However, I'am surprise there's no easy way to tell Firefox in a preference (pref.js ?) to look for cert8.db in a common place for everyone logging to the station (these are shared stations for hundreds of students ) . With the new security scheme of FF3, I supose most institution, university etc .. need to push their own CA in FF3, how others did ? Thanks for further help . David Stutzman a écrit : > You may find this recent thread informative: > http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thr > ead/5885eb5986864447 > > Dave > > >> -----Original Message----- >> From: >> [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] >> > la.org] On Behalf Of jehan procaccia > >> Sent: Wednesday, July 16, 2008 12:10 PM >> To: [email protected] >> Subject: distribute our CA to users >> >> hello, >> >> I found from >> http://www.mozilla.org/projects/security/pki/nss/tools/certuti >> l.html how >> to import our CA (Internal PKI) in firefox3. >> Now I want to distribute cert8.db and key3.db to all new >> users and also >> to current users who already have a profile. >> How can I do that ? >> When a user first start firefox , a profile is create in it's >> ~/.mozilla/firefox/y9f0c08g.default, then cert8.db, key3.db and >> secmod.db are pushed there, but where is the source of these files so >> that I can modify them before they are pushed ? I did notices >> in linux >> /etc/pki/nssdb, put after changed them , they were not those >> one pushed >> on a new user mozilla profile :-( >> How will I do for current users who already have a profile ? >> >> Better solution will be to set this with autoconfig >> (http://developer.mozilla.org/en/docs/MCD,_Mission_Control_Des >> > ktop_AKA_AutoConfig) > >> If there is a preference (pref.js) directive that set the path to >> cert8.db, I would point it to a central cert8.db on the >> shared stations ! >> But from http://preferential.mozdev.org/preferences.html I've >> only seen >> that preference "security.default_personal_cert" and it >> doesn't seem to >> be the correct one :-( . >> >> any help will be greatly appreciated . >> Thanks. >> >> PS: I will also have to do that on windows ... >> I wrote (In french) a doc on how i've imported our CA in cert8.db : >> http://www-public.it-sudparis.eu/~procacci/wiki/bin/view/Docum >> > entations/MozillaCertutils > >> _______________________________________________ >> dev-tech-crypto mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-tech-crypto >> >> > _______________________________________________ > dev-tech-crypto mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
