Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
userspace:mozilla_nss [2013/09/27 18:00] wolfbardo |
userspace:mozilla_nss [2013/09/27 18:04] (current) wolfbardo |
||
---|---|---|---|
Line 10: | Line 10: | ||
Full-Package at | Full-Package at | ||
http://download.uib.de/opsi4.0/products/contribute/full-package/ | http://download.uib.de/opsi4.0/products/contribute/full-package/ | ||
- | |||
- | |||
- | ; This sourcecode is owned by uib | ||
- | ; and published under the Terms of the General Public License. | ||
- | ; credits: http://www.opsi.org/en/credits/ | ||
- | ; Copyright (c) uib gmbh (www.uib.de) | ||
- | |||
- | [Actions] | ||
- | DefVar $dummy$ | ||
- | DefVar $PREF_FILE$ | ||
- | DefVar $preftype$ | ||
- | DefStringList $profiles$ | ||
- | DefVar $akt_profile_ini$ | ||
- | DefVar $akt_prefs_path$ | ||
- | DefVar $AppData$ | ||
- | DefVar $rel_prefs_path$ | ||
- | DefVar $mozilla_userpath$ | ||
- | DefVar $INST_OpsiclientdCertificateFile$ | ||
- | DefVar $INST_OpsiclientdDir$ | ||
- | |||
- | if getMsVersionInfo >= "6" | ||
- | set $AppData$ = "\AppData\Roaming" | ||
- | else | ||
- | comment "not supported OS" | ||
- | endif | ||
- | |||
- | Set $preftype$ = "user_pref" | ||
- | Set $PREF_FILE$ = "prefs.js" | ||
- | |||
- | Set $INST_OpsiclientdDir$ = "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd" | ||
- | Set $INST_OpsiclientdCertificateFile$ = $INST_OpsiclientdDir$+"\opsiclientd.pem" | ||
- | |||
- | comment " Example for Mozilla Firefox" | ||
- | ; populate default db see section CertifikatMozillalösung | ||
- | set $akt_prefs_path$ ="%ProgramFiles32Dir%\Mozilla Firefox\defaults\profile" | ||
- | |||
- | if ((NOT (FileExists($akt_prefs_path$+"\key3.db"))) OR (NOT (FileExists($akt_prefs_path$+"\cert8.db")))) OR (NOT (FileExists($akt_prefs_path$+"\secmod.db"))) | ||
- | ;Files_copy_default_db | ||
- | ; https://developer.mozilla.org/en-US/docs/NSS_security_tools/certutil | ||
- | ; Creating New Security Databases | ||
- | |||
- | DosInAnIcon_createNewSecurityDatabase | ||
- | endif | ||
- | |||
- | DosInAnIcon_certutil | ||
- | |||
- | Set $mozilla_userpath$ = "\Mozilla\Firefox" | ||
- | comment "get user directories via dosbatch dir command" | ||
- | Set $profiles$ = getOutStreamFromSection ('dosbatch_profiledir') | ||
- | comment "loop over the result" | ||
- | for $x$ in $profiles$ do sub_patch_prefs_file | ||
- | |||
- | comment " Example for Mozilla thunderbird" | ||
- | ; populate default db see section CertifikatMozillalösung | ||
- | set $akt_prefs_path$ ="%ProgramFiles32Dir%\Mozilla Thunderbird\defaults\profile" | ||
- | |||
- | if ((NOT (FileExists($akt_prefs_path$+"\key3.db"))) OR (NOT (FileExists($akt_prefs_path$+"\cert8.db")))) OR (NOT (FileExists($akt_prefs_path$+"\secmod.db"))) | ||
- | ;Files_copy_default_db | ||
- | ; https://developer.mozilla.org/en-US/docs/NSS_security_tools/certutil | ||
- | ; Creating New Security Databases | ||
- | |||
- | endif | ||
- | |||
- | DosInAnIcon_certutil | ||
- | |||
- | Set $mozilla_userpath$ = "\Thunderbird" | ||
- | comment "get user directories via dosbatch dir command" | ||
- | Set $profiles$ = getOutStreamFromSection ('dosbatch_profiledir') | ||
- | comment "loop over the result" | ||
- | for $x$ in $profiles$ do sub_patch_prefs_file | ||
- | [comment " simple template for using mozilla nss tools "] | ||
- | ;http://www.mozilla.org/projects/security/pki/nss/tools/ | ||
- | ;http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html | ||
- | |||
- | |||
- | |||
- | |||
- | [dosbatch_profiledir] | ||
- | @echo off | ||
- | dir "%ProfileDir%" /b | ||
- | |||
- | [sub_patch_prefs_file] | ||
- | ;Set $akt_profile_ini$ = "%ProfileDir%\"+"$x$"+$AppData$+"\Mozilla\Firefox\profiles.ini" | ||
- | Set $akt_profile_ini$ = "%ProfileDir%\"+"$x$"+$AppData$+$mozilla_userpath$+"\profiles.ini" | ||
- | if FileExists($akt_profile_ini$) | ||
- | Set $rel_prefs_path$ = GetValueFromInifile($akt_profile_ini$,"Profile0","Path","") | ||
- | ; try to handle profiles.ini prefs_path absolut not relativ | ||
- | ; http://kb.mozillazine.org/Profiles.ini_file | ||
- | ; profiles.ini IsRelative=1 (true) IsRelative=0 (false) for example Path=D:\Mozilla\Firefox\Profiles\sheldon | ||
- | |||
- | Set $dummy$ = GetValueFromInifile($akt_profile_ini$,"Profile0","IsRelative","") | ||
- | if ( $dummy$ = "1" ) | ||
- | comment "relativ path" | ||
- | Set $akt_prefs_path$ = "%ProfileDir%\"+"$x$"+$AppData$+"\Mozilla\Firefox\"+$rel_prefs_path$ | ||
- | else | ||
- | comment "absolut path" | ||
- | Set $akt_prefs_path$ = $rel_prefs_path$ | ||
- | endif | ||
- | |||
- | if ((NOT (FileExists($akt_prefs_path$+"\key3.db"))) OR (NOT (FileExists($akt_prefs_path$+"\cert8.db")))) OR (NOT (FileExists($akt_prefs_path$+"\secmod.db"))) | ||
- | ;Files_copy_default_db | ||
- | DosInAnIcon_createNewSecurityDatabase | ||
- | endif | ||
- | |||
- | DosInAnIcon_certutil | ||
- | endif | ||
- | |||
- | [DosInAnIcon_createNewSecurityDatabase] | ||
- | %SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -N -d "$akt_prefs_path$" | ||
- | |||
- | [DosInAnIcon_certutil] | ||
- | %SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -L -d "$akt_prefs_path$" | ||
- | %SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -A -n "certifikatOPSISERVER" -t "TC,TC,TC" -i %SCRIPTPATH%\opsiconfd.pem -d "$akt_prefs_path$" | ||
- | %SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -A -n "certifikatOPSIclientd" -t "TC,TC,TC" -i "$INST_OpsiclientdCertificateFile$" -d "$akt_prefs_path$" | ||
- | %SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -L -d "$akt_prefs_path$" | ||
- | %SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -L -n "certifikatOPSISERVER" -d "$akt_prefs_path$" | ||
- | %SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -L -n "certifikatOPSIclientd" -d "$akt_prefs_path$" | ||
- | |||
- | [Files_copy_default_db] | ||
- | copy %SCRIPTPATH%\nss-3.12.4\db\*db "$akt_prefs_path$\" | ||
- | |||
- | |||
- | [CertifikatMozillalösung] | ||
- | |||
- | https://mail.mozilla.org/pipermail/tb-enterprise/2011-September/000135.html | ||
- | https://mail.mozilla.org/pipermail/tb-enterprise/2011-September/000139.html | ||
- | |||
- | I have noticed modutil with -create option will create a secmod.db, | ||
- | cert8.db and key3.db (9?) files, unless you specify -nocertdb option. | ||
- | As stated in here: | ||
- | |||
- | http://bahut.alma.ch/2011/07/importing-root-certificates-into.html | ||
- | |||
- | A very late reply, but since it may be useful to others, here it is: | ||
- | |||
- | After manually importing the certificate(s), save a copy of the "cert8.db" file from your profile directory. | ||
- | Copy that cert8.db file to the program directory ("C:\Program Files (x86)/Mozilla Thunderbird") into a "/defaults/profile" subdirectory. | ||
- | |||
- | That works well, for both Firefox and Thunderbird, for new profiles. For existing profiles, you need to overwrite their cert8.db in their user profile. | ||
- | |||
- | An alternative to creating the master cert8.db by manually importing certificates through the Mozilla GUI, is to use the libnss certutil command as described in my first message in this thread. | ||