nss | 易学教程

How to add a trusted Certificate Autority to Firefox with JSS

阅读更多关于 How to add a trusted Certificate Autority to Firefox with JSS

问题 I want to add a trusted certificate autority to your Mozilla Firefox certificate repository using JSS and Windows. Somebody knows how to do that? 回答1: Here is how to do it with JSS 4.3.1 ! You will find your windows firefox profile directory at %APPDATA%/Mozilla/Firefox/Profiles. Be sure to put all needed native libs in a unique directory and references this directory in the java.library.path, example: -Djava.library.path="C:\dev\firefox\jss-native" Here is the sample code: File

Is PKCS11 verify function supported in NSS 3.18.1 Public function

阅读更多关于 Is PKCS11 verify function supported in NSS 3.18.1 Public function

问题 I am trying to call PK11_Verify inside a js. let PK11_Verify = null; PK11_Verify = declareFunction("PK11_Verify", nss3, [ SECStatus, SECKEYPublicKey, SECItem.ptr, SECItem.ptr, ctypes.voidptr_t ]); // ... let rv = PK11_Verify(tokenPublicKey, signature.address(), digest.address(), null); I get message errors back as: Couldn't find function PK11_Verify to declare loadLibraries failed: Error: Couldn't find function symbol in Library I have checked the version NSS in the web browser NSS 3.18.1

Strange timeout with PHP cURL and SSL

阅读更多关于 Strange timeout with PHP cURL and SSL

问题 I'm experiencing strange timeouts using cURL with PHP when trying to access Amazon Cloudfront. This seems to affect all invalidation requests, creating distributions etc. cURL either reports receiving 0 bytes, or very few bytes, and then time-out: Operation timed out after 120000 milliseconds with 88 out of 619 bytes received . Extending the timeout settings does not seem to make a difference. Putting a trace using CURLOPT_VERBOSE produces this output: * About to connect() to cloudfront

NSS/JSS: load user imported cert along with PKCS#11 smartcard in Java

阅读更多关于 NSS/JSS: load user imported cert along with PKCS#11 smartcard in Java

问题 Scenario I am working on a Java Swing project, where I must develop a feature of listing certificates for users to choose for authentication via SSL against the server. These certificates must contain the user imported ones in Firefox, and if a smartcard is inserted, those in the card will be listed, too. The environment is Linux/MacOS. In Windows the Internet Explorer handles it all, and what we would like to achieve is much like what happens in Windows: list all certificates, along with

replace nsICertificateDialogs from firefox extension

阅读更多关于 replace nsICertificateDialogs from firefox extension

问题 I'm trying to replace the nsICertificateDialogs dialog with my own implementation. I already have an extension that handles smime mails from webmail. I want to be able to use the Mozilla cert store with my extension. The only possibility I've found to export smime certs/keys (to use it in my extension) is via exporting a pfx file. I unregistered the original certifica tedialog and registered mine as described here Failure while calling nsIX509CertDB.nsIX509CertDB from command line (unregister

NSS/JSS: load user imported cert along with PKCS#11 smartcard in Java

阅读更多关于 NSS/JSS: load user imported cert along with PKCS#11 smartcard in Java

Scenario I am working on a Java Swing project, where I must develop a feature of listing certificates for users to choose for authentication via SSL against the server. These certificates must contain the user imported ones in Firefox, and if a smartcard is inserted, those in the card will be listed, too. The environment is Linux/MacOS. In Windows the Internet Explorer handles it all, and what we would like to achieve is much like what happens in Windows: list all certificates, along with those in card, for users to choose. Situation When using NSS (Network Security Service) of Mozilla in

Access Firefox's certificate trust store from Java

阅读更多关于 Access Firefox's certificate trust store from Java

I'm almost losing hope on this one. I'm trying to access the Firefox trust store from Java 7 using the NSS libraries that come with the Firefox installation, via PKCS#11. Here is the code: import java.security.KeyStore; import java.security.Security; import java.util.Enumeration; import sun.security.pkcs11.SunPKCS11; public class Test { public static void main(String[] args) throws Exception { String configName = "pkcs11.cfg"; SunPKCS11 p = new SunPKCS11(configName); Security.addProvider(p); KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, "apassword".toCharArray()); System.out

samba+windows server

阅读更多关于 samba+windows server

将samba作为域成员服务器加入到AD域需要配置4个功能：samba、kerberos、winbind和nss。 1.下载并安装Windows server 2008 2.环境介绍 windows 2008 IP:10.10.54.51 Centos 6.4 IP:10.10.54.59 3.配置WIN 2008 1）修改DNS为计算机的IP：10.10.54.51 2）运行dcpromo===>使用高级模式安装===>在新林中新建域===>目录林根级域：xiao.com===>域名称：XIAO===>DNS服务器===>密码：@wang123 3)重启 4.软件安装在windows、Mac OS和linux系统上都有kerberos的相关软件包。在windows AD域环境中，使用kerberos做身份认证的服务器叫KDC（Key Distribution Center）。 [root@xiao59 ~]yum install -y samba.x86_64 samba-client.x86_64 samba-common.x86_64 samba-winbind.x86_64 samba-winbind-clients.x86_64 [root@xiao59 ~]yum install -y krb5-devel.x86_64 krb5-libs.x86_64 krb5

SSL certificate generated with OpenSSL not working on NSS

阅读更多关于 SSL certificate generated with OpenSSL not working on NSS

I have SSL certificate ( key.pem, cacert.pem, pcert.pem ) generated with OpenSSL on Linux Mint machine. Now I'm trying to move my application to another server where is installed Fedora 18 with NSS. cURL is returning this error: unable to load client key: -8178 (SEC_ERROR_BAD_KEY) I tested again and on my computer is working fine but on server not. I think it's because I used OpenSSL to generate certificates but on server is installed NSS. I can't find how to generate certificates with "certutil" or with "openssl" to be valid with NSS. The failure was due to my PKCS#8 private key format: -

How to create a certificate chain using keytool?

阅读更多关于 How to create a certificate chain using keytool?

I want to create certificate chain in java as follows: ca.mycompany.com |--asia.mycompany.com |--india.mycompany.com where ca.mycompany.com is a root certificate (self signed). I know this is possible with OpenSSL. But is it possible to to achieve this with keytool? If not, can I achieve this with Mozilla NSS library? There is an example in the keytool documentation that shows how to do this: keytool -genkeypair -keystore root.jks -alias root -ext bc:c keytool -genkeypair -keystore ca.jks -alias ca -ext bc:c keytool -genkeypair -keystore server.jks -alias server keytool -keystore root.jks