Timothy J Miller wrote, On 04/01/2008 09:34 AM:
On Apr 1, 2008, at 7:53 AM, Todd Denniston wrote:
also don't forget to use redhat's undocumented tool "certutil" to
stuff the CA's in the appropriate barely documented nssdb place.
Alternatively, load trust in Firefox and copy the db's from your profile
into place. :)
-- Tim
neat trick.
But wouldn't that get some of the other CA's like Thawte, USPS and VeriSign
that you may not want to trust allowing folks into your box?
Granted, your /etc/passwd|yp domain|LDAP should only have common names for the
folks you want in, but these other CA's could issue certs for the same common
name. (right?)
--
Todd Denniston
Crane Division, Naval Surface Warfare Center (NSWC Crane)
Harnessing the Power of Technology for the Warfighter
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
