Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Certificate Install Automation

2 views
Skip to first unread message

Amir K.

unread,
Nov 30, 2000, 3:00:00 AM11/30/00
to
Hi, I am looking for a way to programmatically install/import a
certificate into Netscape.
Does anyone know how netscape stores certificates, or maybe there is a
SDK to use for such purposes ?

Any help appreciated
Thanx in advance.


Nelson B. Bolyard

unread,
Dec 1, 2000, 3:00:00 AM12/1/00
to
"Amir K." wrote:
>
> Hi, I am looking for a way to programmatically install/import a
> certificate into Netscape.

What kind of certificate do you want to install?

A root CA certificate?
A client authentication certificate?

> Does anyone know how netscape stores certificates, or maybe there is a
> SDK to use for such purposes ?

Does the following web page answer your questions?

http://home.netscape.com/eng/security/comm4-cert-download.html#communicator

> Any help appreciated
> Thanx in advance.

Please post any followup questions to this newsgroup. Thanks.
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape

Amir K.

unread,
Dec 6, 2000, 3:00:00 AM12/6/00
to
I wanted to be able to install personal, user and root certificates into
netscape client for use in email primarily. This had to be done
programmatically, bypassing the Netscape UI.

I searched around on the net for awhile and only found out that this is either
done by direct modification of cert7.db and key3.db which is not advised, or by
using certtool and pk12util tools provided on mozilla site.
So for people who will be asking this question in the future of whether they
can programmatically install certificates into netscape the answer is yes if
you build the certtool/pk12util for your platform and using a command line
utility from your program is acceptable.


Nelson B. Bolyard

unread,
Dec 6, 2000, 3:00:00 AM12/6/00
to

Amir,

There is a reason why Netscape's browser products don't let a web site
automatically install certificates, especially root certs, without user
participation.

The consequences of trusting a "rogue" CA cert are mind boggling. If any
web site could cause a new CA cert to be downloaded and trusted in the
browser without the user's knowledge and agreement, then there would be
many such rogue CAs around, issuing false server certs, and the security
of https and the public's confidence in it would be ruined. Most people
would not be able to tell if a web site was legit or not. Guess how that
would affect your favorite stock market.

In short, downloading and installing CA certs without user participation
and agreement is a VERY BAD IDEA.

What legitimate motives exist for wanting to avoid user participation?

0 new messages