So easy! Thanks, Nelson.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
My domain name is hosted at lunarpages.com; when I access my e-mail,
Thunderbird presents an error dialog entitled "Security Error: Domain
Name Mismatch". The text is:
"You have attempted to establish a connection with byandlarge.net.
However, the security certificate presented belongs to
lib
Some more information:
I notice that in one scenario, the one where the private key is marked
'not available' in ProtectTools, there appears a button in the
Certificate Viewer, labelled 'Install Certificate...'.
Naturally, I push the button.
I am led through the Certificate Import Wizard, wh
Peter Djalaliev wrote:
...It seems
that all private keys (thank you for the correction here) generated in
the TPM never leave it, unless they are marked as migratable and are
migrated to another TPM. The corresponding public keys can be exported
In support of your conclusion: the ProtectTools
Nelson Bolyard wrote:
A week after applying for his certificate, he download the certificate
onto the same desktop box where he had generated the CSR, which combined
the cert and private key in the same mozilla softoken module. Then he
"exported" the cert and private key into a PKCS#12 file, whi
Thanks for doing some research on this, Peter. I am comforted by the
participation of several dedicated and generous souls in the
investigation of this problem.
It is currently 9:20 pm here in Sydney; I will attempt to contact a
techie at HP tomorrow, to see if I can get some answers.
I post
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\>certutil -L -h "Embedded Security Chip" -d X:/ThunderbirdProfile
Enter Password or Pin for "Embedded Security Chip":
Embedded Security Chip:David Michael Pinn's eSign Australia ID u,u,u
Embedded Security Chip:Davi
I need to clarify something: there are two states in which I can have my
notebook (the one with the TPM):
1. Certificates directly (via ProtectTools import function) and fully
(the icons indicate that private keys are available) imported into the
TPM. This is the state in which I found my mach
Nelson B wrote:
So, assuming that you're the first of many future HP TPM users, please help
us to understand exactly how you got that private key in the first place.
With pleasure:
On a desktop PC, I opened Mozilla Firefox, and navigated to
http://www.verisign.com.au/gatekeeper/individual.sht
Arshad Noor wrote:
You may have been a little hasty, Dave.
It wouldn't be the first time, Arshad.
I suspect you've deleted the Private Key from the TCP chip.
Hmm. I think you may be right.
But if you did delete it from ProtectTools, where did you find a
certificate to import it into Thund
I am very excited to report that I managed to find a solution, although
why it worked remains a mystery.
I deleted my certificate from ProtectTools; I then imported it into
Thunderbird, selecting "Embedded Security Chip" as the token. Simple,
huh? Why didn't I try that earlier, I ask myself.
Is there a Mozilla utility with which I can attempt to import a
certificate *into* my PKCS#11 module?
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Nelson Bolyard wrote:
Try
certutil -L -h all
to get a list of all certs in all slots.
X:\ThunderbirdProfile>certutil -L -h all -d .
Enter Password or Pin for "Embedded Security Chip":
Gatekeeper Root CA - eSign Australia CT,C,C
Gatekeeper Grade 3 Individual CA - eSig
I ran certutil -L, which produced the following output (some lines
deleted to protect my privacy):
Gatekeeper TYPE 3 CA - eSign Australia CT,C,C
Gatekeeper Grade 3 Individual CA - eSign Australia CT,C,C
Gatekeeper Root CA - eSign Australia
I created the .netscape directory, and plonked into it the following
files from my Thunderbird profile directory:
1. cert8.db
2. key3.db
3. secmod.db
I then ran modutil -list, which produced the following output:
Listing of PKCS #11 Modules
Nelson B Bolyard wrote:
...
1) use modutil to get a listing of all the PKCS#11 modules that have been
configured into Thunderbird. If your new laptop's PKCS#11 module is not
among them, that's the first thing to fix.
...
I downloaded the NSS 3.11 binary build for WINNT5.0 - there were no
buil
Nelson B Bolyard wrote:
Out of curiosity, what tool(s) did you use to get that data?
An Embedded Security Certificate Viewer is part of HP's ProtectTools
suite. There's no way to copy the output of the viewer to the clipboard,
so I had to transpose it manually.
___
Nelson B wrote:
Best bet is to get a formatted listing of the certificate itself,
showing all the extensions and their criticality.
OK, here goes:
Non-critical X.509 version 3 extensions:
* CRL Distribution Points
* Authority Key Identifier
* Subject Key Identifier
* Authority Information Acc
Peter Djalaliev wrote:
Hello Dave,
In your first posting, you said that you have loaded "the relevant
PKCS#11 module". What module are you using? Is it provided with
ProtectTools?
The module ships with ProtectTools as a DLL: ifxtpmck.dll, to be precise.
Otherwise, I read through some of t
Dave Pinn wrote:
Right-oh. I'd love to run pk11util. Do you know of a binary build of
pk11util for Windows XP?
Hang on, am I being blonde? is NSS something that I can download and
run, which incorporates pk11util?
___
dev-tech-crypto mailing
Nelson B wrote:
Have you looked in all of cert manager's tabs?
Yes, I have looked; it does not appear in any of Certificate Manager's tabs.
Your cert won't show up in "Your certificates" unless TBird can also find
the private key as a PKCS#11 object, with the same CKA_ID value as the
cert (an
I'm newish to security issues, so be gentle with me.
I bought a digital certificate, and installed it on my TPM chip. I have
loaded the relevant PKCS #11 module in Thunderbird; however, the
certificate on my TPM chip does not appear in Thunderbird's Certificate
Manager. I know that Thunderbird
22 matches
Mail list logo