Managing Certificates and CRLs

This document is intended for users who will be involved in managing digital certificates and updating Certificate Revocation Lists (CRLs) in Mozilla browser database files.

brigid

Presentation Transcript


  1. Managing Certificates and CRLs TCS Confidential

  2. Introduction
     • This document is intended for users who will be involved in managing digital certificates and updating Certificate Revocation Lists (CRLs) in Mozilla browser database files.
     • Mozilla provides two ways of performing certificate- and CRL-related tasks:
       • Using the Mozilla browser (slides 3 - 19)
       • Using command line utilities (slide 20 onwards)
     • The next few slides address both ways of managing certificates and CRLs.

  3. Certificate Database Files
     The Mozilla database files are key3.db, cert8.db and secmod.db.
     For Non-Windows: The certificate details are updated in the /root/.mozilla/default/f9d2tfjc.slt folder. Note that the f9d2tfjc.slt folder name may vary with user and machine. The appropriate name has to be specified when calling the initialize() method.
     For Windows: The certificate details are updated in the C:\Documents and Settings\<user name>\Application Data\Mozilla\Firefox\Profiles\ultp6ovi.default folder. Note that the ultp6ovi.default folder name may vary with user and machine. The appropriate name has to be specified when calling the initialize() method.

  4. Update Certificate DB files
     Copy the files key3.db, cert8.db and secmod.db into the folders mentioned below. Take a backup of the old files before replacing them with the new files.
     For Non-Windows: The certificate details are updated in the /root/.mozilla/default/f9d2tfjc.slt folder. Note that the f9d2tfjc.slt folder name may vary with user and machine. The appropriate name has to be specified when calling the initialize() method.
     For Windows: The certificate details are updated in the C:\Documents and Settings\<user name>\Application Data\Mozilla\Firefox\Profiles\ultp6ovi.default folder. Note that the ultp6ovi.default folder name may vary with user and machine. The appropriate name has to be specified when calling the initialize() method.

  5. Start Mozilla Browser (screenshots are of Mozilla Firefox version 2.0.0.4)

  6. Import Certificate: Click on Options.

  7. Import Certificate: Click on Advanced.

  8. View Certificates: Click on View Certificates.

  9. Your Certificates: Click on Import.

  10. Select Your Certificate: Select a pfx/p12 file and click on Open.

  11. Enter Mozilla Master Password: Enter the master password and click on OK. To reset your Master Security Password, enter the following URL in the browser: chrome://pippki/content/resetpassword.xul. Note that resetting the master password discards the private keys and personal certificates stored under the old password.

  12. Enter Your Certificate Password: Enter the password of the pfx/p12 file and click on OK.

  13. Import Certificate Chain: Click on Authorities, then click on Import.

  14. Select Certificate: Select a cer file and click on Open.

  15. Import Certificate: Select all the checkboxes to trust the Issuer, then click on OK.

  16. Imported Certificates Store
      Imported certificates are stored in the files key3.db, cert8.db and secmod.db in the folders mentioned below.
      For Non-Windows: The certificate details are updated in the /root/.mozilla/default/f9d2tfjc.slt folder. Note that the f9d2tfjc.slt folder name may vary with user and machine. The appropriate name has to be specified when calling the initialize() method.
      For Windows: The certificate details are updated in the C:\Documents and Settings\<user name>\Application Data\Mozilla\Firefox\Profiles\ultp6ovi.default folder. Note that the ultp6ovi.default folder name may vary with user and machine. The appropriate name has to be specified when calling the initialize() method.

  17. Importing CRLs
      To import CRLs using the Mozilla browser, access the CRL link from the browser. E.g.:
      • Put this link into the Mozilla URL bar: E:\CRL_non_windows\CRL\samples\crls\NIC.crl
      • Put this link into the Mozilla URL bar: https://www.tcs-ca.tcs.co.in/crl.crl

  18. Check Imported CRLs: Follow the instructions in slides 5, 6 and 7, then click on Revocation Lists.

  19. Check/Delete Imported CRLs: Select the CRL to be deleted and click on the Delete button.

  20. Command line utilities
      Mozilla provides two command line utilities for managing certificates and CRLs. Platforms on which certificates and CRLs cannot be managed through the browser can use the command line utilities.
      • certutil – For managing certificates.
      • crlutil – For managing CRLs.

  21. Command line utility – certutil Setup
      • To understand all the syntaxes for certutil:
        • Move to the folder containing the certutil file.
        • Grant execute permissions to certutil.
        • Set LD_LIBRARY_PATH or SHLIB_PATH for non-AIX systems to the folder containing the .so/.sl files provided by TCS (libnpsign.so/sl), e.g. export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/FormSigner/controls:.
        • Set LIBPATH for AIX systems to the folder containing the .so/.sl files, e.g. export LIBPATH=$LIBPATH:/FormSigner/controls:.
        • Type ./certutil, which will list all the operations and syntaxes related to certificates.
        • For detailed syntaxes, type ./certutil -H.

  22. Command line utility – certutil, list and import certificates
      • To list certificates:
        • Identify the folder containing the .db files (cert8.db, key3.db, secmod.db).
        • Run the command ./certutil -L -d /home/FormSigner/dbs/certdbs where /home/FormSigner/dbs/certdbs is the folder containing the .db files.
      • To import a certificate:
        • Identify the folder containing the .db files (cert8.db, key3.db, secmod.db).
        • Identify the folder containing the certificates (.cer files) that need to be imported.
        • Run the command ./certutil -A -t "c,C,c" -n CCAIndia -i /home/FormSigner/certs/CCAIndia.cer -d /home/FormSigner/dbs/certdbs where CCAIndia is the nickname of the certificate and /home/FormSigner/certs/CCAIndia.cer is the path to the certificate file.

  23. Command line utility – certutil, delete certificates
      • To delete a certificate:
        • Identify the folder containing the .db files (cert8.db, key3.db, secmod.db).
        • Run the command ./certutil -D -n CCAIndia -d /home/FormSigner/dbs/certdbs where CCAIndia is the nickname of the certificate and /home/FormSigner/dbs/certdbs is the path to the .db files.

  24. Command line utility – crlutil Setup
      • To understand all the syntaxes for crlutil:
        • Move to the folder containing the crlutil file.
        • Grant execute permissions to crlutil.
        • Set LD_LIBRARY_PATH or SHLIB_PATH for non-AIX systems to the folder containing the .so/.sl files provided by TCS (libnpsign.so/sl), e.g. export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/FormSigner/controls:.
        • Set LIBPATH for AIX systems to the folder containing the .so/.sl files, e.g. export LIBPATH=$LIBPATH:/FormSigner/controls:.
        • Type ./crlutil, which will list all the operations and syntaxes related to CRLs.
        • For detailed syntaxes, type ./crlutil -H.

  25. Command line utility – crlutil, list and import CRLs
      • To list CRLs:
        • Identify the folder containing the .db files (cert8.db, key3.db, secmod.db).
        • Run the command ./crlutil -L -d /home/FormSigner/dbs/certdbs where /home/FormSigner/dbs/certdbs is the folder containing the .db files.
      • To import a CRL:
        • Identify the folder containing the .db files (cert8.db, key3.db, secmod.db).
        • Download the CRLs from the CRL URL provided by the Certifying Authority.
        • Identify the folder containing the CRLs (.crl files) that need to be imported.
        • Run the command ./crlutil -I -i /home/FormSigner/crls/TCS.crl -d /home/FormSigner/dbs/certdbs where /home/FormSigner/crls/TCS.crl is the path to the CRL file.

  26. Command line utility – crlutil, delete CRLs
      • To delete all CRLs:
        • Identify the folder containing the .db files (cert8.db, key3.db, secmod.db).
        • Run the command ./crlutil -E -d /home/FormSigner/dbs/certdbs where /home/FormSigner/dbs/certdbs is the path to the .db files.
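
The backup-before-replace step from slide 4 and the certutil/crlutil import steps from slides 22 and 25, combined into one script as an added example that is not part of the original presentation. The function names are hypothetical; the paths and the CCAIndia nickname are the slides' sample values.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample values are the slides'.
DB_FILES="key3.db cert8.db secmod.db"
CERTUTIL=${CERTUTIL:-./certutil}
CRLUTIL=${CRLUTIL:-./crlutil}

# Succeed only if directory $1 holds all three database files.
check_certdb() {
    for f in $DB_FILES; do
        [ -f "$1/$f" ] || { echo "missing: $1/$f" >&2; return 1; }
    done
}

# Copy the three files into a new timestamped directory next to $1 and
# print its path. key3.db holds private keys, so the copy is owner-only.
backup_certdb() {
    db=${1%/}
    check_certdb "$db" || return 1
    bak="$db.bak.$(date +%Y%m%d%H%M%S)"
    ( umask 077 && mkdir "$bak" ) || return 1      # refuses to reuse a directory
    for f in $DB_FILES; do
        cp -p "$db/$f" "$bak/$f" || return 1
        cmp -s "$db/$f" "$bak/$f" || return 1      # verify the copy
        chmod 600 "$bak/$f"
    done
    echo "$bak"
}

# $1 = db folder, $2 = nickname, $3 = CA .cer file, $4 = .crl file
import_ca_and_crl() {
    backup_certdb "$1" >/dev/null || return 1
    "$CERTUTIL" -A -t "c,C,c" -n "$2" -i "$3" -d "$1" || return 1
    # -L -n fails if the nickname is not in the database after the import.
    "$CERTUTIL" -L -n "$2" -d "$1" >/dev/null || return 1
    # crlutil checks the CRL against its issuing CA certificate in the database.
    "$CRLUTIL" -I -i "$4" -d "$1" || return 1
    "$CRLUTIL" -L -d "$1"
}

# Usage with the slides' sample paths:
# import_ca_and_crl /home/FormSigner/dbs/certdbs CCAIndia \
#     /home/FormSigner/certs/CCAIndia.cer /home/FormSigner/crls/TCS.crl
```
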