Hi all, In a script, I need to know what the “best” certificate is in the NSS database for a given host.
The “best” certificate is - A valid certificate by all the usual definitions of valid; and - Matches the hostname provided either by using the subject or the subjectAltName (with optional wildcards); and - (to break ties) Has the longest validity. From what I can see certutil can’t do this. Is there an alternative tool I should be using? If no tool exists, is there a corresponding API call in the NSS API that will return a certificate (or certificates) as per the definition above? If so I can put together a patch. Regards, Graham — -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
