MozillaWiki

CA:AddRootToFirefox: Difference between revisions

Page Discussion

CA:AddRootToFirefox (view source)

Revision as of 17:29, 28 April 2017

410 bytes added ,  28 April 2017
Fix code sample
(→‎AutoConfig via JavaScript: update link to addCertFromBase64 API)
(Fix code sample)
Line 20: Line 20:
== AutoConfig via JavaScript ==
== AutoConfig via JavaScript ==


If you're using AutoConfig without CCK2, you can still use [https://dxr.mozilla.org/mozilla-central/rev/e17cbb839dd225a2da7e5d5bec43cf94e11749d8/security/manager/ssl/nsIX509CertDB.idl#353 the API] that the CCK2 uses to install certificate authorities. Here's what it looks like to install the [http://www.cacert.org/index.php?id=3 cacert.org root certificate]:
If you're using AutoConfig without CCK2, you can still use [https://dxr.mozilla.org/mozilla-central/rev/e17cbb839dd225a2da7e5d5bec43cf94e11749d8/security/manager/ssl/nsIX509CertDB.idl#353 the API] that the CCK2 uses to install certificate authorities.


# var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
This is based on knowledge from here:
# var certdb2 = certdb;
https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
# try {
 
certdb2 = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB2);
Place the [https://bug1359127.bmoattachments.org/attachment.cgi?id=8862864 autoconfig.js] file in one of these directories:
# } catch (e) {}
* on Windows    defaults\pref
# cert = "MIIHPT...zTMVD"; // This should be the certificate content with no line breaks at all.
* on Mac        Firefox.app/Contents/Resources/defaults/pref
# certdb2.addCertFromBase64(cert, "C,C,C", "");
* on Linux      defaults/pref
 
Place the mozilla.cfg file (the autoconfig.js file makes reference to it) besides the Firefox executable:
<pre>
var Cc = Components.classes;
var Ci = Components.interfaces;
var certdb = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB);
var certdb2 = certdb;
try {
  certdb2 = Cc["@mozilla.org/security/x509certdb;1"].getService(Ci.nsIX509CertDB2);
} catch (e) {}
 
cert = "MIIHPT...zTMVD"; // This should be the certificate content with no line breaks at all.
certdb2.addCertFromBase64(cert, "C,C,C", "");
</pre>


The three Cs mean to trust the certficate for servers, email and objects. The third parameter is the name, but it is ignored. If you want to install binary certificates, things get more complicated. In that case, I'd definitely recommend the [http://mike.kaply.com/cck2/ CCK2].
The three Cs mean to trust the certficate for servers, email and objects. The third parameter is the name, but it is ignored. If you want to install binary certificates, things get more complicated. In that case, I'd definitely recommend the [http://mike.kaply.com/cck2/ CCK2].
Armenzg
Confirmed users
3,990

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1169712"