Re: How to programmatically "Add Exception" on "Servers" tab in Certificate Manager.
Not with certutil, but you can use nsICertOverrideService in an addon: https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsICertOverrideService.idl#52 Or you could directly alter the the "cert_override.txt" file in the profile directory: https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsCertOverrideService.cpp#205 Another option would be to create a fake CA, use that to issue localhost.pem, and import/trust the CA with certutil. Cheers, David On 09/14/2015 12:47 AM, Priyanka wrote: > Even after executing the following line , it gives me "This connection is > untrusted" warning in firefox. > > certutil.exe -A -n "localhost" -t "P,P,P" -i "C:\< dir>>\localhost.pem" -d > "C:\Users\<>\AppData\Roaming\mozilla\firefox\profiles\<>.default" > > > Is there any way i can by pass this warning using the certutil? > > > > -- > View this message in context: > http://mozilla.6506.n7.nabble.com/How-to-programmatically-Add-Exception-on-Servers-tab-in-Certificate-Manager-tp287317p344972.html > Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. > signature.asc Description: OpenPGP digital signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: How to programmatically "Add Exception" on "Servers" tab in Certificate Manager.
Even after executing the following line , it gives me "This connection is untrusted" warning in firefox. certutil.exe -A -n "localhost" -t "P,P,P" -i "C:\<>\localhost.pem" -d "C:\Users\<>\AppData\Roaming\mozilla\firefox\profiles\<>.default" Is there any way i can by pass this warning using the certutil? -- View this message in context: http://mozilla.6506.n7.nabble.com/How-to-programmatically-Add-Exception-on-Servers-tab-in-Certificate-Manager-tp287317p344972.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
How to programmatically Add Exception on Servers tab in Certificate Manager.
I am using the NSS certutil.exe app command line to add a self-signed certificate to Firefox. Using the command line I'm able to get my certificate to show up in the Certificate Manager under the Authorities and Others tabs. I have even gotten it to show up in the Servers tab. However, when it does the Server column has a *. When I navigate to my website I still get a certificate warning. I noticed that when I manually add the exception the Server column says the name and port of my site. It seems to be different in other was too as the Edit Trust button seems to be permanently disabled. So, how can I Add Exception using NSS tools? I'm able to get the cert installed in a way that doesn't work using this command: certutil.exe -A -n localhost -t P,P,P -i C:\Path to Cert dir\localhost.pem -d C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rand.default Am I just missing a command line option? Any help or ideas would be appreciated! Thanks, EV -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: How to programmatically Add Exception on Servers tab in Certificate Manager.
On Tue, 2013-08-06 at 09:41 -0700, epva...@gmail.com wrote: So, how can I Add Exception using NSS tools? I'm able to get the cert installed in a way that doesn't work using this command: You cannot. The exceptions feature has been added at the Mozilla application layer, above NSS. The host specific exceptions aren't stored by NSS. If you want to add them programmatically, you could do it from Add-On code. Kai -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: How to programmatically Add Exception on Servers tab in Certificate Manager.
Thanks Kai! I was starting to think that was the case. One follow up question. If I generate my own CA and then use that CA to generate a certificate...If I add the CA to firefox using the certutil the generated cert will be accepted by firefox without a warning, right? Thanks, EV -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: How to programmatically Add Exception on Servers tab in Certificate Manager.
On 08/06/2013 09:41 AM, epva...@gmail.com wrote: I am using the NSS certutil.exe app command line to add a self-signed certificate to Firefox. Using the command line I'm able to get my certificate to show up in the Certificate Manager under the Authorities and Others tabs. I have even gotten it to show up in the Servers tab. However, when it does the Server column has a *. When I navigate to my website I still get a certificate warning. What is the details of the warning? I noticed that when I manually add the exception the Server column says the name and port of my site. It seems to be different in other was too as the Edit Trust button seems to be permanently disabled. So, how can I Add Exception using NSS tools? As Kai pointed out, the Add Exception is not stored in the NSS db, but in the firefox profile. In general, the plugin would be the preferred way to have the cert trusted in Firefox because it ties the cert to a specific website. I'm able to get the cert installed in a way that doesn't work using this command: certutil.exe -A -n localhost -t P,P,P -i C:\Path to Cert dir\localhost.pem -d C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\rand.default Am I just missing a command line option? Any help or ideas would be appreciated! This should have marked the cert explicitly trusted, so I'm curious about what warning details you get. (Not that I recommend making this method work, I just want to understand why it didn't). bob smime.p7s Description: S/MIME Cryptographic Signature -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto