[wplug] firefox default trusted certificate authorities
Dane Miller
dane at olneyfriends.org
Fri Mar 10 17:38:50 EST 2006
Brian A. Seklecki wrote:
> Use mozilla/netscape's certutil(1) to modify the pkcs12 database
> (cert[7,8].db):
>
> $ certutil -L -d /home/seklecki/.mozilla/firefox/uvfw5x1r.default/
> Collaborative Fusion CA - Collaborative Fusion, Inc. CT,C,C
> Brian Seklecki PKCS#12 Pu,pu,pu
>
> http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
Doesn't look like certutil is packaged by Ubuntu. But it doesn't really
address the underlying issue of adding trusted CAs to a workstation for
all users to enjoy. I did some digging around on irc and learned that:
a) default CA certs are compiled into Firefox
b) Debian supposedly manages CA certs system-wide in /etc/ssl/certs
with the update-ca-certificates tool, available in the ca-certificates
package. Debian's Mozilla supposedly uses these certs, which can be
updated by the sysadmin.
c) Ubuntu != Debian in this respect (that is, I did the steps above
and they didn't work).
...or maybe b) is an evil lie spread on #debian-fr to antagonize
Americans into sticking with their native-language chat rooms.
Dane
--
Dane Miller
Technology Coordinator
Olney Friends School
Barnesville, Ohio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.wplug.org/pipermail/wplug/attachments/20060310/41bd9e3e/attachment.bin
More information about the wplug
mailing list