Peter Djalaliev wrote, On 2008-08-07 09:26:
> My company develops an in-line network device that possibly resigns
> certificates of SSL connections with an internal CA.
Oh, a MITM! :-)
Is there a web page where we can read more about that product?
> Currently, we do
> not handle the regular
Yevgeniy Gubenko wrote, On 2008-08-07 09:09:
> I use NSS3.11.4 with NSPR 4.6.4 (for fips compliant usage).
> Here are the steps I perform to add new certificate to NSS db:
> Phase 1 - Create a CA Certificate
>
> * CA: Create NSS DB for CA
> o Create the folder:
> mkdir /opt/nss/fipscadb/
>
Wan-Teh Chang wrote:
> Which Linux distribution is this?
openSUSE Linux 11.0
Ciao, Michael.
___
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
Nelson, thank you for your fast response to this!
my responses are inline:
>On Aug 6, 10:45 am, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
> Gordon.Young wrote, On 2008-08-05 19:45:
>
> > I need help finding a document(s) to help me understand cross
> > certification and path building/chaining
Wan-Teh Chang wrote:
2008/8/7 Robert Relyea <[EMAIL PROTECTED]>:
signver was finally made to link with the dynamic NSS libraries in NSS
3.12.1 (not yet released), so pretty much any package will have static
linked version of it.
That's 'signtool', not 'signver'.
Opps, my bad...;(
Yevgeniy Gubenko wrote:
Thanks a lot for your answer.
I still need some clarifications:
1. If I understand you right, when I have to use a predefined persistent key to
do a crypto with it, there is no way, other than
importing the key into a PKCS#11 token as a token object in NSS db? (Even if
t
2008/8/7 Robert Relyea <[EMAIL PROTECTED]>:
>
> signver was finally made to link with the dynamic NSS libraries in NSS
> 3.12.1 (not yet released), so pretty much any package will have static
> linked version of it.
That's 'signtool', not 'signver'.
Wan-Teh
___
Hi. Thank you for your response
forgiveness for not answering before, I've been on holidays.
I thought that the problem was incompatibility between Firefox 3 (NSS
3.12) and JSS 4.2.5.
I have isolated the error and only is produced on Windows, On Ubuntun
all is OK.
I execute, in Windows XP with
Wan-Teh Chang wrote:
On Thu, Aug 7, 2008 at 4:40 AM, Michael Ströder <[EMAIL PROTECTED]> wrote:
Ok, I've extracted
ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/Linux2.6_x86_glibc_PTH_DBG.OBJ/nss-3.11.4.tar.gz
and set LD_LIBRARY_PATH to the extracted lib/ dir (see output of
Jean-Marc Desperrier:
>
> That part is of course much more dubious. But if you consider hostname
> only servers to be acceptable, there's little ground to say multiple
> subscrivers can't have one with the same name. Even if you'd decide to
> try to enforce that, there's no way to restrein another
> Um, OK. Out of curiosity, if you don't mind revealing it, please tell
> us (me) where that requirement comes from. I ask because I don't know
> of ANY public CA that issues such certs today. The last CA I knew of
> that did was the US DoD's CA that issued certificates for Fortezza cards.
My
Hi,
I use NSS3.11.4 with NSPR 4.6.4 (for fips compliant usage).
Here are the steps I perform to add new certificate to NSS db:
Phase 1 - Create a CA Certificate
* CA: Create NSS DB for CA
o Create the folder:
mkdir /opt/nss/fipscadb/
o Create the
Peter Djalaliev wrote, On 2008-08-07 07:30:
> Do the NSS APIs allow creating a new Diffie-Hellman SSL server
> certificate?
Yes, I'm pretty sure they do, but I think we have no test programs that
will do so easily. I don't recall that certutil supports the generation
of certs with DH public ke
Yevgeniy Gubenko wrote, On 2008-08-07 07:12:
> Thanks a lot for your answer.
> I still need some clarifications:
> 1. If I understand you right, when I have to use a predefined persistent
> key to do a crypto with it, there is no way, other than importing the key
> into a PKCS#11 token as a token
Wan-Teh Chang wrote, On 2008-08-07 06:22:
> On Tue, Aug 5, 2008 at 6:44 AM, dky <[EMAIL PROTECTED]> wrote:
>> I am trying to build it on Windows and GNU/Linux. I am unable to make
>> progress on Windows build as it needs nsinstall which is not ported to
>> Windows. I have started writing a shell sc
Hello,
Do the NSS APIs allow creating a new Diffie-Hellman SSL server
certificate? From what I understand, we need to generate DH
parameters and create an X509 certificate with the DH public key (and
params) in the subject public key info. This certificate is then
signed by a CA using RSA and DS
Thanks a lot for your answer.
I still need some clarifications:
1. If I understand you right, when I have to use a predefined persistent key to
do a crypto with it, there is no way, other than
importing the key into a PKCS#11 token as a token object in NSS db? (Even if
the key is an input from th
Eddy Nigg a écrit :
> [...]
> In other words, Comodo would issue multiple certificates for the very
> same domain name? You could have multiple valid certificates for
> www.mozilla.com?
It's an actually useful option. You may want the multiple servers that
will answer for www.mozilla.com to not s
On Thu, Aug 7, 2008 at 4:40 AM, Michael Ströder <[EMAIL PROTECTED]> wrote:
>
> Ok, I've extracted
> ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/Linux2.6_x86_glibc_PTH_DBG.OBJ/nss-3.11.4.tar.gz
>
> and set LD_LIBRARY_PATH to the extracted lib/ dir (see output of ldd
> below). Is s
On Tue, Aug 5, 2008 at 6:44 AM, dky <[EMAIL PROTECTED]> wrote:
>
> I am trying to build it on Windows and GNU/Linux. I am unable to make
> progress on Windows build as it needs nsinstall which is not ported to
> Windows. I have started writing a shell script to do what nsinstall
> does internally b
Hi,
Is it possible to import the PKCS#8 file for private key together with
the related X.509 cert file using PK11_ImportEncryptedPrivateKeyInfo()?
I have tried and was not successful.
The PKCS#8 file was created using the
PK11_ExportEncryptedPrivateKeyInfo(). The PKCS#8 file is valid one - I
t
Michael Ströder wrote:
> Nelson B Bolyard wrote:
>> The binaries for the NSS 3.11.4 release may be obtained from
>> ftp://ftp.mozilla.org/pub/security/nss/releases/NSS_3_11_4_RTM/
>> If the -s option also behaves as you found with those binaries, I'd like
>> to know that.
>
> I will give it a try.
22 matches
Mail list logo