Athar Mahboob wrote: > I have been generating ECC based X509 certificates > using OpenSSL 0.9.8. > > When I try to install the certificates in Firefox or > thunderbird or mozilla it only shows up as a "Status > Responder Certificate" rather than a "SSL Certificate > Authority" certificate. Consequently client > certificates signed by the CA also do not install as > "Your Certificates" but would only install in "Other > Websites" and woudl no be usable for S/MIME as such > for which they were generated.
A cert only shows in "Your Certificates" if the browser has the private key that goes with the certificate. It's only "yours" if you have the private key for it. A cert only shows in the list of authorities/issuers if it has the right extensions to enable it to be a CA. If it doesn't look like a CA cert or an email cert, it winds up in the SSL server cert category. > I even tried certificates generated using the ECC > Certification Authority at > http://www.secg.org/?action=secg,project_ca issued > certificates but the same thing happens. > > We have NSS 3.9 and have enabled the ECC in the build. How about PSM? (the crypto GUI part of mozilla products)? Is it enabled there? > RSA based certificates install with no such issues in > teh same set up. > > Could any one please advise. The ECC code is disabled by default for several reasons. One of them is that it isn't necessarily complete yet. > Best regards. > > Athar Mahboob -- Nelson B _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
