Windows 10 reached EOS (end of support) on October 14, 2025. If you are on Windows 10, see this article.

Avatar for Username

Caută ajutor

Atenție la excrocheriile de asistență. Noi nu îți vom cere niciodată să suni sau să trimiți vreun SMS la vreun număr de telefon sau să dai informații personale. Te rugăm să raportezi activitățile suspecte folosind opțiunea „Raportează un abuz”.

Află mai multe

Firul de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

Setting default client certificate for site, using certutil

  • 2 răspunsuri
  • 1 are această problemă
  • 134 de vizualizări
  • Ultimul răspuns dat de cor-el

Fairyyyy
Fairyyyy

I"m trying to use the certutil, to basically change the default client certificate, for the sitr authorization. This of course can be done using firefox "advanced" menu, but i want to write a simple bat. So i looked up there is -t option

p prohibited (explicitly distrusted) P Trusted peer c Valid CA T Trusted CA to issue client certificates (implies c) C Trusted CA to issue server certificates (SSL only) (implies c) u Certificate can be used for authentication or signing w Send warning (use with other attributes to include a warning when the certificate is used in that context)

So which is the way to make firefox to trust the choosen client certificate by default? Also this option is for cert file, but is there a way to modify a cert that is already imported to cert8.db? Is it even possible with certutils?

I"m trying to use the certutil, to basically change the default client certificate, for the sitr authorization. This of course can be done using firefox "advanced" menu, but i want to write a simple bat. So i looked up there is -t option p prohibited (explicitly distrusted) P Trusted peer c Valid CA T Trusted CA to issue client certificates (implies c) C Trusted CA to issue server certificates (SSL only) (implies c) u Certificate can be used for authentication or signing w Send warning (use with other attributes to include a warning when the certificate is used in that context) So which is the way to make firefox to trust the choosen client certificate by default? Also this option is for cert file, but is there a way to modify a cert that is already imported to cert8.db? Is it even possible with certutils?

Toate răspunsurile (2)

guigs
guigs

The only way to modify a cert that has already been imported is to remove it and add the new one. However you may still run into this issue if it does not comply with the certificate restrictions NSS 3.19-> if this is a recent issue you can review the changes that were made: here

There was a change in CA certs that might be causing this issue: https://www.mozilla.org/en-US/about/g.../policy/ Disabling it would make it less secure, but to disable it, the config is called mozilla:pix.

Other references:

cor-el
cor-el
  • Moderator

See also: