Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Ko tenda hembiapoite sa’ivéta oñemba’apokuévo hese hembiapo porãve hag̃ua. Peteĩ jehaipyre nomoĩporãiramo ne apañuái ha eporanduséramo, roguerekohína ore nepytyvõ rekoha ikatútava ndeykeko @FirefoxSupport Twitter-pe ha avei /r/firefox Reddit-pe.

Eheka Pytyvõha

Emboyke pytyvõha apovai. Ndorojeruremo’ãi ehenói térã eñe’ẽmondóvo pumbyrýpe ha emoherakuãvo marandu nemba’etéva. Emombe’u tembiapo imarãkuaáva ko “Marandu iñañáva” rupive.

Kuaave

Setting default client certificate for site, using certutil

  • 2 Mbohovái
  • 1 oguereko ko apañuái
  • 1 Hecha
  • Mbohovái ipaháva cor-el

more options

I"m trying to use the certutil, to basically change the default client certificate, for the sitr authorization. This of course can be done using firefox "advanced" menu, but i want to write a simple bat. So i looked up there is -t option

p prohibited (explicitly distrusted) P Trusted peer c Valid CA T Trusted CA to issue client certificates (implies c) C Trusted CA to issue server certificates (SSL only) (implies c) u Certificate can be used for authentication or signing w Send warning (use with other attributes to include a warning when the certificate is used in that context)

So which is the way to make firefox to trust the choosen client certificate by default? Also this option is for cert file, but is there a way to modify a cert that is already imported to cert8.db? Is it even possible with certutils?

I"m trying to use the certutil, to basically change the default client certificate, for the sitr authorization. This of course can be done using firefox "advanced" menu, but i want to write a simple bat. So i looked up there is -t option p prohibited (explicitly distrusted) P Trusted peer c Valid CA T Trusted CA to issue client certificates (implies c) C Trusted CA to issue server certificates (SSL only) (implies c) u Certificate can be used for authentication or signing w Send warning (use with other attributes to include a warning when the certificate is used in that context) So which is the way to make firefox to trust the choosen client certificate by default? Also this option is for cert file, but is there a way to modify a cert that is already imported to cert8.db? Is it even possible with certutils?

Opaite Mbohovái (2)

more options

The only way to modify a cert that has already been imported is to remove it and add the new one. However you may still run into this issue if it does not comply with the certificate restrictions NSS 3.19-> if this is a recent issue you can review the changes that were made: here

There was a change in CA certs that might be causing this issue: https://www.mozilla.org/en-US/about/g.../policy/ Disabling it would make it less secure, but to disable it, the config is called mozilla:pix.

Other references:

more options