Installing an extra certificate

[Stefan Arentz]

I would like to install an extra certificate on my Unagi phone so that I can use a http/https proxy for debugging and testing. I'm not sure where to start with this though.

Does anyone have a pointer to more info?

S.

[Frederik Braun]

Speaking of which...is there a way to set a proxy? I know I filed https://bugzilla.mozilla.org/show_bug.cgi?id=829766 a few weeks ago, so there is no official way.
I still hope that there might be a hackish way to do this from a privileged debugging perspective....

_______________________________________________
dev-b2g mailing list
dev...@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g

[Marcio Galli]

Another case, under networking, is 802.1x which can be seen in the
enterprise scenario. I have a case with about 25 screens,
Gecko-powered, all of them connecting in the network via a managed
solution [1] using 802.1x via WIFI.

Is there a tracking bug or a wiki page for us to monitor importance,
use cases for these network cases?

socks+

m


[1] https://github.com/taboca/TelaSocial/wiki/WIFI-WAN-setup-using-WPA_Supplicant

--
www.telasocial.com

[Fabrice Desre]

On 02/08/2013 07:32 AM, Frederik Braun wrote:
> Speaking of which...is there a way to set a proxy? I know I filed https://bugzilla.mozilla.org/show_bug.cgi?id=829766 a few weeks ago, so there is no official way.
> I still hope that there might be a hackish way to do this from a privileged debugging perspective....

Setting the proxy prefs in gaia/build/custom-prefs.js should work.

Fabrice
--
Fabrice Desr�
b2g team
Mozilla Corporation

[Carmen Jiménez Cabezas]

Hi.

To install an extra certificate you'll need ADB access to the phone (enable
remote debugging in settings if you don't have it yet) and the NSS utils.
You can use something like:

----------------------------------------------------------------------------
--------
certutil -d "sql:." -N
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:
----------------------------------------------------------------------------
--------

Leave an empty password. Then you can use something like

----------------------------------------------------------------------------
--------
#!/bin/bash

for i in addedcerts/*
do
echo "Adding $i"
certutil -d sql:. -A -n "$i" -t "C,C,TC" -i $i
done
----------------------------------------------------------------------------
--------
To add the certificates to the database. And then you can use something
like:

----------------------------------------------------------------------------
--------

#!/bin/sh

ROOT_DIR_DB=/data/b2g/mozilla
CERT=cert9.db
KEY=key4.db
PKCS11=pkcs11.txt
DB_DIR=`adb shell "ls -d ${ROOT_DIR_DB}/*.default 2>/dev/null" | sed
"s/default.*$/default/g"`

if [ "${DB_DIR}" = "" ]; then
echo "Profile directory does not exists. Please start the b2g process at
least once before running this script."
exit 1
fi

adb shell stop b2g

echo "copying ${CERT}: adb push ./${CERT} ${DB_DIR}/${CERT}"
adb push ./${CERT} ${DB_DIR}/${CERT}
echo "copying ${KEY}: adb push ./${KEY} ${DB_DIR}/${KEY}"
adb push ./${KEY} ${DB_DIR}/${KEY}
echo "copying ${PKCS11}: adb push ./${PKCS11} ${DB_DIR}/${PKCS11}"
adb push ./${PKCS11} ${DB_DIR}/${PKCS11}

adb shell start b2g

echo "Finished."

----------------------------------------------------------------------------
--------

To push your new database to the device.

If you need any help with the scripts (or if they don't work for you :) )
let me know and I'll try to help you.

Best regards,

Carmen

-----Mensaje original-----
De: dev-b2g-bounces+mcjimenez=gfi...@lists.mozilla.org
[mailto:dev-b2g-bounces+mcjimenez=gfi...@lists.mozilla.org] En nombre de
Stefan Arentz
Enviado el: viernes, 08 de febrero de 2013 15:55
Para: dev...@lists.mozilla.org
Asunto: [b2g] Installing an extra certificate

[pierre.etie...@gmail.com]

Hi Carmen,

I've tried to add a new certificat using the tutorial https://mkonrad.net/2014/05/19/installing-self-signed-certificates-on-firefox-os.html derived from you script

However, I believe one requirement is missing: the phone needs to be rooted, am I right ? In my case, accessing the /data directory with adb yields "Permission denied" messages.

That's annoying because I can't read my email from crans.org because their cerfificate from cacert.org is not recognized!

best,
Pierre

[nblum...@googlemail.com]

Should this method still be working? I was trying to install certificates on my Geeksphone Revolution with FxOS v2.0. But after using the script from http://www.pending.io/add-cacert-root-certificate-to-firefox-os/ I cannot see any difference. https://cacerts.com for example still is untrusted.