This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Caută ajutor

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Află mai multe

Acest fir de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

Setting default client certificate for site, using certutil

  • 2 răspunsuri
  • 1 are această problemă
  • 1 vizualizare
  • Ultimul răspuns de cor-el

more options

I"m trying to use the certutil, to basically change the default client certificate, for the sitr authorization. This of course can be done using firefox "advanced" menu, but i want to write a simple bat. So i looked up there is -t option

p prohibited (explicitly distrusted) P Trusted peer c Valid CA T Trusted CA to issue client certificates (implies c) C Trusted CA to issue server certificates (SSL only) (implies c) u Certificate can be used for authentication or signing w Send warning (use with other attributes to include a warning when the certificate is used in that context)

So which is the way to make firefox to trust the choosen client certificate by default? Also this option is for cert file, but is there a way to modify a cert that is already imported to cert8.db? Is it even possible with certutils?

I"m trying to use the certutil, to basically change the default client certificate, for the sitr authorization. This of course can be done using firefox "advanced" menu, but i want to write a simple bat. So i looked up there is -t option p prohibited (explicitly distrusted) P Trusted peer c Valid CA T Trusted CA to issue client certificates (implies c) C Trusted CA to issue server certificates (SSL only) (implies c) u Certificate can be used for authentication or signing w Send warning (use with other attributes to include a warning when the certificate is used in that context) So which is the way to make firefox to trust the choosen client certificate by default? Also this option is for cert file, but is there a way to modify a cert that is already imported to cert8.db? Is it even possible with certutils?

Toate răspunsurile (2)

more options

The only way to modify a cert that has already been imported is to remove it and add the new one. However you may still run into this issue if it does not comply with the certificate restrictions NSS 3.19-> if this is a recent issue you can review the changes that were made: here

There was a change in CA certs that might be causing this issue: https://www.mozilla.org/en-US/about/g.../policy/ Disabling it would make it less secure, but to disable it, the config is called mozilla:pix.

Other references:

more options