I'm quite sure that the certificate should be trusted. I forgot to write
it, but I actually found it using certutil in the CERT DB provided by
"roots cert" module:
certutil -L -d DB_dir -h all | grep 'root_cn'
Returns the certificate with trusted flags C,C,C. So I think it means it's
already trus
As an aside, I would strongly advise you to use the first method - put
the root CA in your cert DB, ahead of time, prior to starting your
applications.
Dynamically and blindly trusting a root CA, especially one received over
a network, is asking for trouble and a big security no-no.
You should n
Nicholas,
Your root certificate needs to be trusted. Self-signed is fine, but you
still need to trust it.
It would either need to be present in your cert DB, with the proper
trust flag, or you would need to dynamically set the trust on that root
certificate using the API.
You can use CERT_
OpenSSL has a s_client command that allows you to pull the certificates a
web page sends and verify the chain of trust against whatever root CA store
OpenSSL is using. Is there a way to do something similar for NSS? i.e. pull
the certificates a web page sends and validate them against the curren
I go on with my investigation, and I find that error -8172 should be
related to the fact that the root certificate is self-signed, even if it's
in the trust store contained in Root Certs module. Indeed, I search through
the reference SEC_ERROR_UNTRUSTED_ISSUER, and I find this error seems to be
set