UTF8 support in the Firefox certificate store?
Initially I posted this on another support forum, but was kindly
requested to post here instead:
I have created a X.509 v3 client certificate using OpenSSL.
The CN and OU field contain UTF8 characters, in this case Thai
characters for testing purposes.
When I import this certificate into the Windows certificate store it
shows all fields correctly, ie I can actually see the Thai characters
However when I import the certificate into Firefox (3.04) and view the
certificate subject from Firefox (tools->options->advanced->view
certificates->view->details) th...x-posting from dev-tech-crypto: web crypto APIs and resources
Hello Security Enthusiasts:
I just started a conversation on Web Crypto APIs (low-level, high-level) and the resources to implement in Gecko.
...I have signed CAB file. How to verify the certificate from programatically from .NET web service, certificates are stored in machine certificate store.
I have signed CAB file. How to verify the certificate from programatically from .NET web service, certificates are stored in machine certificate store.
Create the ASP.NET Web Application
In this section, you create a simple ASP.NET application. In the sections to follow, you will use client-side certificate authentication to secure this application.
Start Visual Studio .NET, and then create a new ASP.NET Web Application project named SecureSite.
Drag a Label control from the toolbox onto the WebForm1.aspx Web form...Certificates are not displayed/selectable from certificates stored on smartcard with Omnikey Smartcard Reader/Safenet DKCK201 PKCS#11 modules sinces FireFox 3.02
Certificates are not displayed/selectable from certificates Manager, for
certificates that are stored on a smartcard with Omnikey Smartcard
Reader/Safenet DKCK201 PKCS#11 module.
They are displayed in Firefox 126.96.36.199 and they were displayed in Firefox
3.0.1. FF 3.0.2 and higer doesn't display the certificates anymore. In the
Security Devices, the PKCS#11 module was installed succesfully and on this
screen the Certificate name on the smartcard can be shown.
The Certificate name has one particular extension to the X.500 name of the
Certificate (the 188.8.131.52.0.0 added field)...automate firefox certificate store
we currently have a process which uses and embedded windows control
and the .net security libraries to automate the installation of the
client x.509 certificate into the windows store.
I had run across some code snippets for doing this in firefox but now
for the life of me i can't find the websites. Does anyone have any
ideas how we can accomplish this or know of some websites that i can
look at for some ideas?
...Trouble with dev-tech-crypto
I'm having trouble posting to this list.
I'm trying to get an announcement posted,
but the messages simply disappear without errors.
If you end up seeing my messages multiple times,
This issue is being tracked in
bugzilla at mozilla dot org number 839245.
(Not including a link, just in case links are the
reason why mails are being filtered.)
...Supporting the Windows Certificate Store
I know that there are probably well thought out reasons that this isn't a features already...BUT! Lot's of US Government users can't use Firefox because it doesn't use the Windows certificate store.
Would anyone be totally opposed to adding this feature and having it enabled via group policy? That would allow some IT shops to roll it out with their preferred smart card middleware...like ActivClient.
On Wed, Jan 9, 2013 at 9:17 AM, <email@example.com> wrote:
> I know that there are probably well thought out reasons that this isn't a
> f...How to get into Firefox certificate store
I just got an email from Po=C5=A1ta Slovenije, a fully state-owned Post of
They are a certification authority (CA) and would like to get included in
the Firefox certificate store.
Does anyone know who should they talk to about it?
I thought the answer to this question might help other Reps when dealing
with local CAs, which is why I'm posting to this ML.
I believe the process is documented at https://wiki.mozilla.org/CA.
Kathleen Wilson is a good point of contact, as well:
...[moderator] testing dev-tech-crypto
I haven't seen any mail on this list for about two weeks.
I'm wondering if subscribers have been trying to send mail and
have been seeing it fail.
If you ever send emails to the list and find that they don't go through,
please send an email to me, the moderator.
...dev-tech-crypto moderation changes
Since its origin a few months ago, the firstname.lastname@example.org
list has been moderated, in an effort to keep spam out of the list.
The rules have been rather simple: mail sent by list members gets right
through, the rest goes into a moderation queue where it is reviewed
daily. The occasional on-topic message from a non-subscriber address
gets manually passed through, and the rest is discarded. Spam filters
(are intended to) recognize most spam and discard it outright, so that
the moderator need not review hundreds of spams daily to find the
occasional rare nuggets.
Un...Can firefox use personal certificates from the Windows store
Our windows users have personal certificates that enable them to
authenticate to web sites that accept certificates. However, firefox does
not recognize those certificates nor present them to web sites.
The certificates are auto enrolled and are replaced every month. We don't
wish for our 3500 users (even 10% of them) to have to export and import the
certificates for Firefox. Moreover, the certificates are marked
non-exportable to keep them more secure.
I understand that it would take a custom pkcs11 plugin to get the browser to
obtain certs from the Windows certificat...Anti-spam changes to dev-tech-crypto mailing list
Dear readers of dev-tech-crypto mailing list, and mozilla.dev.tech.crypto
As you have probably noticed, in the past 7 days we've seen a number of
emails that have gotten through the list's meager grep-based spam filters.
I have been increasing the rules trying to trap more spam, but the spam
grows faster than I can create rules for it. I apologize for that.
The situation has simply become intolerable, so as your list moderator,
I have taken steps to cut it off, and am prepared to take more steps.
Consequently, there are some changes to the list moderation that h...How to get Firefox to not permanently store invalid SSL certificates as a default?
Name: Saujanya Patel
Summary: How to get Firefox to not permanently store invalid SSL certificates as a default?
When Firefox is presented with an invalid SSL certificate (i.e. the
certificate has expired, the CA is not trusted, etc). It warns the user
that certificate is invalid and forces the user to retrieve (and
presumably review) the certificate.
How ever by default after accepting the certificate it has a check in
the box marked 'Permanently Store this Certificate'. It would be great
to be able ...dev-tech-crypto News->email gateway re-enabled
I have not seen any new spam in the mozilla.dev.tech.crypto newsgroup
since May 1, and in the last week, there have been numerous on-topic
messages posted to the newsgroup that have not been gatewayed to the
list, so today I have re-enabled the News->email gateway between
mozilla.dev.tech.crypto and the dev-tech-crypto mailing list.
If the spam resumes, I will disable the gateway again, but hopefully
that will not happen soon.
I invite any comments you may have about the relative merits of
keeping all spam out of the mailing list (which closing the news->mail