how would one generate a certificate programmatically using JSS or NSS, considering Netscape provides the server only with the SPKAC and not a raw PKCS 10 csr or a raw public key?
can i extract the public key from the SPKAC programmatically using something already out there? thanks a lot, Ron "Nelson B. Bolyard" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Scott Drumm wrote: > > > > > Am I correct in believing there was no http server involved? > > > You simply used a file:/// URL to read the cert file?? > > > > Correct. There was no web server active, just pointed Mozilla at the file > > and loaded it. > > > > > What version of windows are you using? > > > > Win98 SE > > > > > Finally, does the CA cert show up in N6's cert manager under "web sites" > > ?? > > > > Nope. > > OK, I believe the following steps will enable you to import a CA cert > into your browser, and will not mess up any windows 9x software. > The instructions below will say N6, but should work for mozilla too. > I don't recommend this on any newer version of Windows than Win98 SE. > > What we're going to do is define a new file name extension (namely .cacert) > in N6 and associate it with the MIME content type application/x-x509-ca-cert. > > There are numerous different ways to try to do this, including > - using N6 preferences for "helper applications" > - using Windows Explorer's "Folder options" window (not an option in Win2K > and later versions because they don't let you edit MIME content types) > - using Netscape Communicator 4.x's preferences for helper applications > - using regedit (ick!) > We'll try using n6 preferences first. > > Once that's done, you just change the file name extension of the file with > your CA cert to .cacert and access with your browser's file: URL, and it will > (er, should) import into the browser. > > The following steps should do this. > > 1. In N6, bring up the preferences window. > 2. Under the "Navigator" preferences, you'll find "Helper Applications". > Click on that. > 3. Click the "New Type" button. > > 4.1. In the "New Type" box, enter the following values: > > Description of Type: CA Certificate > File extension: .cacert > MIME type application/x-x509-ca-cert > > 4.2. Click the "Choose" button, and a "Choose Application Helper" dialog > box (which looks strangely like a "File Open" dialog box) will appear. > Find the executable for your browser, click it, and click the "Open" button. > > 4.3 The pathname of your browser will now appear in the "Application to Use" > box in the "New Type" dialog. Edit it. Put Quote marks around it (if they're > not already there) and add "%1" (with the quotes) onto the end, so it looks > something like this: > "C:\Program Files\...\netscp6.exe" "%1" > > 4.3 Click OK to dismiss the "New Type" box. > > 5. Rename your cert file to end in .cacert > > 6. use the file:/// URL to open the .cacert file, and > > 7. Tell us if that does it for you (or not). > If that doesn't do it, we'll try one of the other means noted above. :-) > > What should happen is that when you try the file URL, you should get a new > "Downloading Certificate" dialog from the browser that begins with the > words "You have been asked to trust a new Certificate Authority (CA)." > You should check one or more of the check boxes, and click OK. > > If something else happens, let us know. > > -- > Nelson Bolyard > Disclaimer: I speak for myself, not for Netscape
