Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Setting default client certificate for site, using certutil

  • 2 réponses
  • 1 a ce problème
  • 1 vue
  • Dernière réponse par cor-el

more options

I"m trying to use the certutil, to basically change the default client certificate, for the sitr authorization. This of course can be done using firefox "advanced" menu, but i want to write a simple bat. So i looked up there is -t option

p prohibited (explicitly distrusted) P Trusted peer c Valid CA T Trusted CA to issue client certificates (implies c) C Trusted CA to issue server certificates (SSL only) (implies c) u Certificate can be used for authentication or signing w Send warning (use with other attributes to include a warning when the certificate is used in that context)

So which is the way to make firefox to trust the choosen client certificate by default? Also this option is for cert file, but is there a way to modify a cert that is already imported to cert8.db? Is it even possible with certutils?

I"m trying to use the certutil, to basically change the default client certificate, for the sitr authorization. This of course can be done using firefox "advanced" menu, but i want to write a simple bat. So i looked up there is -t option p prohibited (explicitly distrusted) P Trusted peer c Valid CA T Trusted CA to issue client certificates (implies c) C Trusted CA to issue server certificates (SSL only) (implies c) u Certificate can be used for authentication or signing w Send warning (use with other attributes to include a warning when the certificate is used in that context) So which is the way to make firefox to trust the choosen client certificate by default? Also this option is for cert file, but is there a way to modify a cert that is already imported to cert8.db? Is it even possible with certutils?

Toutes les réponses (2)

more options

The only way to modify a cert that has already been imported is to remove it and add the new one. However you may still run into this issue if it does not comply with the certificate restrictions NSS 3.19-> if this is a recent issue you can review the changes that were made: here

There was a change in CA certs that might be causing this issue: https://www.mozilla.org/en-US/about/g.../policy/ Disabling it would make it less secure, but to disable it, the config is called mozilla:pix.

Other references:

more options