Looking for saved searches? click on "Search Bugs" above.
Status
People
(Reporter: Wan-Teh Chang, Assigned: Wan-Teh Chang)
Tracking
Firefox Tracking Flags
(Not tracked)
Details
I created a self-signed server certificate and added it to
my NSS certificate database with the "P,," trust flags.
This allows CERT_VerifyCertNow to verify the certificate
successfully. However, CERT_PKIXVerifyCert still fails
with the SEC_ERROR_UNKNOWN_ISSUER error (-8179). I have
to set the "C,," trust flags to make CERT_PKIXVerifyCert
succeed, but trusting a self-signed server certificate
as a CA ('C' means "trusted CA to issue server certificates")
gives more trust to the certificate than necessary.
|
||
Comment 1•8 years ago
|
||
I'm using this for a specific domain's self signed certificate. Does anyone know if the "C" flag allows the domain to sign arbitrary other domains, like gmail.com? Thanks, Nicholas
|
||
Comment 2•8 years ago
|
||
Nicholas, questions like yours should be asked in mozilla.dev.tech.crypto newsgroup or dev-tech-crypto mailing list.
|
(Assignee) | |
Comment 3•6 years ago
|
||
Marked this bug as a duplicate even though this bug was filed first. The other bug has more info.
Assignee: nobody → wtc
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Target Milestone: --- → 3.13.3
Duplicate of bug: 647364
You need to log in
before you can comment on or make changes to this bug.
Description
•