nss

问题 I have written a REST server which listens on port 8000. I am trying to invoke the api from the same machine using the cURL command - curl -H "accept: application/json" https://localhost:8000/status -v I am getting the following error * About to connect() to localhost port 8000 (#0) * Trying ::1... * Connected to localhost (::1) port 8000 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12263 (SSL_ERROR_RX_RECORD

问题 I have written a REST server which listens on port 8000. I am trying to invoke the api from the same machine using the cURL command - curl -H "accept: application/json" https://localhost:8000/status -v I am getting the following error * About to connect() to localhost port 8000 (#0) * Trying ::1... * Connected to localhost (::1) port 8000 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * NSS error -12263 (SSL_ERROR_RX_RECORD

问题 I have SSL certificate ( key.pem, cacert.pem, pcert.pem ) generated with OpenSSL on Linux Mint machine. Now I'm trying to move my application to another server where is installed Fedora 18 with NSS. cURL is returning this error: unable to load client key: -8178 (SEC_ERROR_BAD_KEY) I tested again and on my computer is working fine but on server not. I think it's because I used OpenSSL to generate certificates but on server is installed NSS. I can't find how to generate certificates with

问题 I have SSL certificate ( key.pem, cacert.pem, pcert.pem ) generated with OpenSSL on Linux Mint machine. Now I'm trying to move my application to another server where is installed Fedora 18 with NSS. cURL is returning this error: unable to load client key: -8178 (SEC_ERROR_BAD_KEY) I tested again and on my computer is working fine but on server not. I think it's because I used OpenSSL to generate certificates but on server is installed NSS. I can't find how to generate certificates with

问题 I'm almost losing hope on this one. I'm trying to access the Firefox trust store from Java 7 using the NSS libraries that come with the Firefox installation, via PKCS#11. Here is the code: import java.security.KeyStore; import java.security.Security; import java.util.Enumeration; import sun.security.pkcs11.SunPKCS11; public class Test { public static void main(String[] args) throws Exception { String configName = "pkcs11.cfg"; SunPKCS11 p = new SunPKCS11(configName); Security.addProvider(p);

问题 The SSL / TLS handshake between a "Java 1.7 TLS 1.1 server" and a "Java 1.8 client" fails in my environment with the following exception on the server side: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for provider SunPKCS11-NSSfips Following are the details of the server and the client in my environment: Server: The server uses Java 1.7u45 and is running in FIPS 140 compliant mode as mentioned in http://docs.oracle.com/javase/7/docs/technotes/guides

问题 I'm trying to develop a FF extension that calls nsIX509CertDB.nsIX509CertDB. When calling this function from a xpcshell I alwas receive a error 0x80004005 (NS_ERROR_FAILURE). I suspect it to be failing since in a xpcshell environment I can not be prompted for the password. Is there any way to provide it from the command line? My code: if(nsIFile != null && nsIFile.exists()) { var certDB = Cc["@mozilla.org/security/x509certdb;1"] .getService(Ci.nsIX509CertDB); certDB.importPKCS12File(null,

问题 I am Using Firefox 40 and followed Signing an XPI article to sign an XPI. Used certutil to sign the XPI, imported the X509.cacert in firefox Certificate Manager (Authorities tab) every step completed as mentioned in the article. Now if I install the XPI , I get popup. Caution: This site would like to install an unverified add-on in Firefox After installation the extension is working correctly. However if I set the flag: xpinstall.signature.required to true and then try to install it . I get

问题 Just recently my server has stopped working for curl requests to https:// addresses for my web server. Having dug around a little it appears that it's a problem with the user the webserver is running. If I SSH onto the server as root & call curl -I -v https://google.com ... I get the following response... * About to connect() to google.com port 443 (#0) * Trying 173.194.67.113... connected * Connected to google.com (173.194.67.113) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki

问题 I'm using curl library (with NSS) in PHP to connect to my other server. Everything was fine until last week, when the destination server stoped supporting SSLv3 due to poodle vulnerability (CloudFlare by the way). Now, I'm trying to make connection using TLS, but I'm still getting "SSL connect error". There is sample code, I'm using: $ch = curl_init(); curl_setopt_array( $ch, array( CURLOPT_URL => 'https://www.lumiart.cz', CURLOPT_RETURNTRANSFER => true, CURLOPT_SSLVERSION => 1, CURLOPT_SSL