Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
userspace:mozilla_nss [2013/09/27 18:00]
wolfbardo
userspace:mozilla_nss [2013/09/27 18:04] (current)
wolfbardo
Line 10: Line 10:
 Full-Package at Full-Package at
 http://​download.uib.de/​opsi4.0/​products/​contribute/​full-package/​ http://​download.uib.de/​opsi4.0/​products/​contribute/​full-package/​
- 
- 
-; This sourcecode is owned by uib 
-; and published under the Terms of the General Public License. 
-; credits: http://​www.opsi.org/​en/​credits/​ 
-; Copyright (c) uib gmbh (www.uib.de) 
- 
-[Actions] 
-DefVar $dummy$ 
-DefVar $PREF_FILE$ 
-DefVar $preftype$ 
-DefStringList $profiles$ 
-DefVar $akt_profile_ini$ 
-DefVar $akt_prefs_path$ 
-DefVar $AppData$ 
-DefVar $rel_prefs_path$ 
-DefVar $mozilla_userpath$ ​ 
-DefVar $INST_OpsiclientdCertificateFile$ 
-DefVar $INST_OpsiclientdDir$ 
- 
-if getMsVersionInfo >= "​6"​ 
-          set $AppData$ = "​\AppData\Roaming"​ 
-else 
- comment "not supported OS" 
-endif 
- 
-Set $preftype$ = "​user_pref"​ 
-Set $PREF_FILE$ = "​prefs.js"​ 
- 
-Set $INST_OpsiclientdDir$ ​ = "​%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd"​ 
-Set $INST_OpsiclientdCertificateFile$ = $INST_OpsiclientdDir$+"​\opsiclientd.pem"​ 
- 
-comment " Example for Mozilla Firefox"​ 
-; populate default db see section CertifikatMozillalösung 
-set $akt_prefs_path$ ="​%ProgramFiles32Dir%\Mozilla Firefox\defaults\profile"​ 
- 
-if ((NOT (FileExists($akt_prefs_path$+"​\key3.db"​))) ​    ​OR ​ (NOT (FileExists($akt_prefs_path$+"​\cert8.db"​)))) OR (NOT (FileExists($akt_prefs_path$+"​\secmod.db"​))) 
-        ;​Files_copy_default_db 
- ; https://​developer.mozilla.org/​en-US/​docs/​NSS_security_tools/​certutil 
- ; Creating New Security Databases 
-   
- DosInAnIcon_createNewSecurityDatabase 
-endif 
- 
-DosInAnIcon_certutil 
- 
-Set $mozilla_userpath$ = "​\Mozilla\Firefox"​ 
-comment "get user directories via dosbatch dir command"​ 
-Set $profiles$ = getOutStreamFromSection ('​dosbatch_profiledir'​) 
-comment "loop over the result"​ 
-for $x$ in $profiles$ do sub_patch_prefs_file 
- 
-comment " Example for Mozilla thunderbird"​ 
-; populate default db see section CertifikatMozillalösung 
-set $akt_prefs_path$ ="​%ProgramFiles32Dir%\Mozilla Thunderbird\defaults\profile"​ 
- 
-if ((NOT (FileExists($akt_prefs_path$+"​\key3.db"​))) ​    ​OR ​ (NOT (FileExists($akt_prefs_path$+"​\cert8.db"​)))) OR (NOT (FileExists($akt_prefs_path$+"​\secmod.db"​))) 
-        ;​Files_copy_default_db 
- ; https://​developer.mozilla.org/​en-US/​docs/​NSS_security_tools/​certutil 
- ; Creating New Security Databases 
-   
-endif 
- 
-DosInAnIcon_certutil 
- 
-Set $mozilla_userpath$ = "​\Thunderbird"​ 
-comment "get user directories via dosbatch dir command"​ 
-Set $profiles$ = getOutStreamFromSection ('​dosbatch_profiledir'​) 
-comment "loop over the result"​ 
-for $x$ in $profiles$ do sub_patch_prefs_file 
-[comment " simple template for using mozilla nss tools "] 
-;​http://​www.mozilla.org/​projects/​security/​pki/​nss/​tools/​ 
-;​http://​www.mozilla.org/​projects/​security/​pki/​nss/​tools/​certutil.html 
- 
- 
- 
- 
-[dosbatch_profiledir] 
-@echo off 
-dir "​%ProfileDir%"​ /b 
- 
-[sub_patch_prefs_file] 
-;Set $akt_profile_ini$ = "​%ProfileDir%\"​+"​$x$"​+$AppData$+"​\Mozilla\Firefox\profiles.ini"​ 
-Set $akt_profile_ini$ = "​%ProfileDir%\"​+"​$x$"​+$AppData$+$mozilla_userpath$+"​\profiles.ini"​ 
-if FileExists($akt_profile_ini$) 
- Set $rel_prefs_path$ = GetValueFromInifile($akt_profile_ini$,"​Profile0","​Path",""​) 
- ; try to handle profiles.ini prefs_path absolut not relativ 
- ; http://​kb.mozillazine.org/​Profiles.ini_file 
- ; profiles.ini IsRelative=1 (true) IsRelative=0 (false) for example Path=D:​\Mozilla\Firefox\Profiles\sheldon 
- 
- Set $dummy$ = GetValueFromInifile($akt_profile_ini$,"​Profile0","​IsRelative",""​) 
- if ( $dummy$ = "​1"​ ) 
- comment "​relativ path" 
- Set $akt_prefs_path$ = "​%ProfileDir%\"​+"​$x$"​+$AppData$+"​\Mozilla\Firefox\"​+$rel_prefs_path$ 
- else 
- comment "​absolut path" 
- Set $akt_prefs_path$ = $rel_prefs_path$ 
- endif 
-  
- if ((NOT (FileExists($akt_prefs_path$+"​\key3.db"​))) ​    ​OR ​ (NOT (FileExists($akt_prefs_path$+"​\cert8.db"​)))) OR (NOT (FileExists($akt_prefs_path$+"​\secmod.db"​))) 
-        ;​Files_copy_default_db 
- DosInAnIcon_createNewSecurityDatabase 
- endif 
- 
- DosInAnIcon_certutil 
-endif 
- 
-[DosInAnIcon_createNewSecurityDatabase] 
-%SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -N -d "​$akt_prefs_path$"​ 
- 
-[DosInAnIcon_certutil] 
-%SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -L -d "​$akt_prefs_path$"​ 
-%SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -A -n "​certifikatOPSISERVER"​ -t "​TC,​TC,​TC"​ -i %SCRIPTPATH%\opsiconfd.pem -d "​$akt_prefs_path$"​ 
-%SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -A -n "​certifikatOPSIclientd"​ -t "​TC,​TC,​TC"​ -i "​$INST_OpsiclientdCertificateFile$"​ -d "​$akt_prefs_path$"​ 
-%SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -L -d "​$akt_prefs_path$"​ 
-%SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -L -n "​certifikatOPSISERVER"​ -d "​$akt_prefs_path$"​ 
-%SCRIPTPATH%\nss-3.12.4\bin\certutil.exe -L -n "​certifikatOPSIclientd"​ -d "​$akt_prefs_path$"​ 
- 
-[Files_copy_default_db] 
-copy %SCRIPTPATH%\nss-3.12.4\db\*db "​$akt_prefs_path$\"​ 
- 
- 
-[CertifikatMozillalösung] 
- 
-https://​mail.mozilla.org/​pipermail/​tb-enterprise/​2011-September/​000135.html 
-https://​mail.mozilla.org/​pipermail/​tb-enterprise/​2011-September/​000139.html 
- 
-I have noticed modutil with -create option will create a secmod.db, 
-cert8.db and key3.db (9?) files, unless you specify -nocertdb option. 
-As stated in here: 
- 
-http://​bahut.alma.ch/​2011/​07/​importing-root-certificates-into.html 
- 
-A very late reply, but since it may be useful to others, here it is: 
- 
-After manually importing the certificate(s),​ save a copy of the "​cert8.db"​ file from your profile directory. 
-Copy that cert8.db file to the program directory ("​C:​\Program Files (x86)/​Mozilla Thunderbird"​) into a "/​defaults/​profile"​ subdirectory. 
- 
-That works well, for both Firefox and Thunderbird,​ for new profiles. For existing profiles, you need to overwrite their cert8.db in their user profile. 
- 
-An alternative to creating the master cert8.db by manually importing certificates through the Mozilla GUI, is to use the libnss certutil command as described in my first message in this thread. 
  

QR Code
QR Code userspace:mozilla_nss (generated for current page)