Archive: Importing a Client Certificate to IE and Firefox


Importing a Client Certificate to IE and Firefox
Hi All,
I want to import a client certificate from IE as well as from Firefox. Is there any option available in the NSIS system to do the same?

I want to import the certificates to the Personal Trust level Or to Personal Certificates section.

If anyone has done this already using NSIS or any other tool, kindly help me, as I am new to importing client certificates from NSIS.

Thanks in advance


Cheers


Importing certificates to Internet Explorer can be done with ExecShell and the "add" verb. Importing to Firefox is quite a bit more complicated, but completely silent. I'll see if I can dig up the code.


Thanks for your reply. That works, but the wizard opens and the installation goes on... and the user has to import the certificate manually...

Is there a method to do it silently in IE?

Thanks for your help


Not that I know of. You can see with RegMon where it writes these to the registry and try writing there yourself. But it's not guaranteed to work on every version of Windows.


Ok..
Can you help me in importing the client certificate in Mozilla?
Thanks in advance


Attached is a header file that can add certificates to Firefox. You have to give it a path to a certificate file (CER, not CRT - that is no base64 or anything like that) and a path to the Firefox profile. I don't know yet how to add to all profiles, if that's even possible.

!insertmacro AddFirefoxCertificate $INSTDIR\blah.cer C:\path\to\firefox\profile
I might create a Wiki page from both of these solutions later, but if you beat me to the task, that'd be great.

For IE there is a program called "certmgr.exe".

It allows you to install certificates to IE's certificate database silently.


Thanks for your reply.

But mine is a P12 certificate. When I tried to add the certificate to Mozilla by using the include file given by you, it's not working :(

as it requires a password (P12 certificate)...

Please suggest...


You must convert it to CRT. There are plenty of tools for conversion between formats. OpenSSL can do it, if I recall correctly.
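
A pre-flight check for the file handed to the macro discussed above, shown here as an added example (not code from this thread or from the NSIS header): it tells a base64 (PEM) certificate, a binary DER certificate and a PKCS#12 (.p12) container apart by their leading bytes and converts PEM to DER. It assumes the header's "no base64" input means DER; the function names and the sample bytes are made up for illustration.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_header(data, pos=0):  # -> (tag, content_offset, content_length)
    if len(data) < pos + 2:
        raise ValueError("truncated")
    tag, first = data[pos], data[pos + 1]
    if first < 0x80:                      # short-form length
        return tag, pos + 2, first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < pos + 2 + n:
        raise ValueError("indefinite, oversized or truncated length")
    return tag, pos + 2 + n, int.from_bytes(data[pos + 2:pos + 2 + n], "big")

def classify(data):
    """Return 'pem-cert', 'pem-other', 'der-cert', 'pkcs12' or 'unknown'."""
    m = PEM_RE.search(data)
    if m:
        return "pem-cert" if m.group(1) == b"CERTIFICATE" else "pem-other"
    try:
        tag, off, length = der_header(data)
        inner_tag, inner_off, inner_len = der_header(data, off)
    except ValueError:
        return "unknown"
    whole = tag == 0x30 and off + length == len(data)  # one SEQUENCE, no trailing bytes
    if whole and inner_tag == 0x30:   # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ...
        return "der-cert"             # shape check only, not a full X.509 parse
    if whole and inner_tag == 0x02 and data[inner_off:inner_off + inner_len] == b"\x03":
        return "pkcs12"               # PFX ::= SEQUENCE { version INTEGER (3), ...
    return "unknown"

def to_der(data):
    """Return DER bytes for a PEM or DER certificate; refuse anything else."""
    kind = classify(data)
    if kind == "pem-cert":
        body = PEM_RE.search(data).group(2)
        data = base64.b64decode(b"".join(body.split()), validate=True)
        kind = classify(data)
    if kind != "der-cert":
        raise ValueError(f"not a usable certificate: {kind}")
    return data

# Constructed stubs with the right outer shape; not real certificates or keys.
SAMPLE_DER = bytes.fromhex("3006300402021234")
SAMPLE_P12 = bytes.fromhex("30050201033000")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

A .p12 file is reported as `pkcs12` and refused by `to_der`: it is a password-protected container that also holds the private key, so the certificate has to be extracted from it before it can be imported as a plain certificate.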


I'm trying to use your header file to install a .cer file, but it doesn't install it :(

I gave it the path to the .cer file and also the path to the profile (something like this C:\Documents and Settings\kuku\Application Data\Mozilla\Firefox\Profiles\bv33xvir.default)

Is it possible to get any idea why it's not installing?


Originally posted by kichik
Attached is a header file that can add certificates to Firefox. You have to give it a path to a certificate file (CER, not CRT - that is no base64 or anything like that) and a path to the Firefox profile. I don't know yet how to add to all profiles, if that's even possible.
!insertmacro AddFirefoxCertificate $INSTDIR\blah.cer C:\path\to\firefox\profile
I might create a Wiki page from both of these solutions later, but if you beat me to the task, that'd be great.

I was able to make it run, but still I have a problem.
My certificate was installed inside Authorities, but when I select this certificate and click edit I see that none of the checkboxes for trust settings were selected.
Can I select them somehow from NSIS?


Are you sure it doesn't work this way? It's a root certificate, so it doesn't need to identify websites itself. But certificates it signs probably inherit its permissions, so I guess you're right.

CERT_ChangeCertTrust needs to be called to add a trusted rule for the certificate. DB handle can be NULL, certificate handle is already present in code and the trust structure seems like a pretty simple structure that can be easily allocated.


I'm not a big expert in NSIS or programming, so I'm not sure I will be able to make it, but thanks anyway.
I will give it a try, and if I am able to make it work I will post the changed code here.

BTW, were you able to find a way to install the certificate to all profiles?

Thank you very much again.


I've created a wiki page for both Internet Explorer and Windows. Internet Explorer's code was actually way simpler than Firefox.

http://nsis.sourceforge.net/Import_Root_Certificate