David Stutzman wrote:
Here's some certutil -L output for the cert I am playing with here:
Signed Extensions:
Name: Certificate Key Usage
Critical: True
Usages: Digital Signature
Non-Repudiation
Name:
Dave Pinn wrote:
Nelson B wrote:
Best bet is to get a formatted listing of the certificate itself,
showing all the extensions and their criticality.
OK, here goes:
Non-critical X.509 version 3 extensions:
* CRL Distribution Points
* Authority Key Identifier
* Subject Key Identifier
Nelson B Bolyard wrote:
Presently, A user must initiate the first fetch of a CRL from the CA.
CRLs are fetched asynchronously from cert chain validation.
CRLs are stored on disk locally, IIRC. After fetching the first one,
mozilla clients will fetch subsequent CRLs automatically on a periodic
Nelson B Bolyard wrote:
Presently, A user must initiate the first fetch of a CRL from the CA.
To clarify, AFAIK all that is required is for a user to click on a link
to the CRL, *if* the CRL data is returned with a MIME type of
application/pkix-crl. Firefox then imports the CRL and prompts
Nelson B Bolyard wrote:
...
1) use modutil to get a listing of all the PKCS#11 modules that have been
configured into Thunderbird. If your new laptop's PKCS#11 module is not
among them, that's the first thing to fix.
...
I downloaded the NSS 3.11 binary build for WINNT5.0 - there were no
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
I created the .netscape directory, and plonked into it the following
files from my Thunderbird profile directory:
1. cert8.db
2. key3.db
3. secmod.db
I then ran modutil -list, which produced the following output:
Listing of PKCS #11 Modules
I ran certutil -L, which produced the following output (some lines
deleted to protect my privacy):
Gatekeeper TYPE 3 CA - eSign Australia CT,C,C
Gatekeeper Grade 3 Individual CA - eSign Australia CT,C,C
Gatekeeper Root CA - eSign Australia
Dave Pinn wrote:
Nelson B Bolyard wrote:
...
1) use modutil to get a listing of all the PKCS#11 modules that have been
configured into Thunderbird. If your new laptop's PKCS#11 module is not
among them, that's the first thing to fix.
...
I downloaded the NSS 3.11 binary build for
Nelson Bolyard wrote:
Try
certutil -L -h all
to get a list of all certs in all slots.
X:\ThunderbirdProfilecertutil -L -h all -d .
Enter Password or Pin for Embedded Security Chip:
Gatekeeper Root CA - eSign Australia CT,C,C
Gatekeeper Grade 3 Individual CA - eSign
Dave Pinn wrote:
or try wiht the token name
certutil -L -h Embedded Security Chip
X:\ThunderbirdProfilecertutil -L -h Embedded Security Chip -d .
Enter Password or Pin for Embedded Security Chip:
X:\ThunderbirdProfile
That cannot be good, and Yes, I'm sure that I got the password
11 matches
Mail list logo
