I am making a small utility that will load a custom CA into all Firefox profiles on a machine. I have been successful using the certutil binary that is part of NSS Tools.
However, I was wondering how portable I can make certutil? Is it possible to compile only certutil or do I need to build the entire NSS tools in order for it to work?
Any ideas on how to get certutil as small and portable as possible would be greatly appreciated. Thanks!
You can build an add-on with your custom CA
An example with the add-on SDK:
const {Cc, Ci, Cu} = require("chrome");
var {XPCOMUtils} = Cu.import("resource://gre/modules/XPCOMUtils.jsm");
var self = require("sdk/self");
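/**
 * Install a CA certificate shipped in the add-on's data directory into the
 * certificate database of the running profile.
 *
 * The file is read through the add-on's data URL, the PEM armour lines are
 * stripped, and the remaining base64 body is handed to
 * nsIX509CertDB2.addCertFromBase64 together with the trust string.
 *
 * Security note: a certificate added here becomes a trust anchor for the
 * profile, so only a complete, well-formed PEM block is accepted. A missing
 * marker or a non-base64 body raises an error instead of passing arbitrary
 * text to the certificate database. Pass the narrowest trust string that the
 * deployment needs.
 *
 * @param {string} CertName - File name of the PEM certificate inside the
 *   add-on's data directory.
 * @param {string} CertTrust - Trust string forwarded unchanged to
 *   addCertFromBase64 (the page's example uses "C,c,c").
 * @throws {Error} If the file has no complete PEM certificate block or the
 *   block's body is not base64.
 */
function installCert(CertName, CertTrust) {
  const BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
  const END_CERT = "-----END CERTIFICATE-----";

  const ioService = Cc["@mozilla.org/network/io-service;1"]
    .getService(Ci.nsIIOService);
  const certDB = Cc["@mozilla.org/security/x509certdb;1"]
    .getService(Ci.nsIX509CertDB2);
  const scriptableStream = Cc["@mozilla.org/scriptableinputstream;1"]
    .getService(Ci.nsIScriptableInputStream);

  const channel = ioService.newChannel(self.data.url(CertName), null, null);
  const input = channel.open();
  let pemText;
  try {
    scriptableStream.init(input);
    pemText = scriptableStream.read(input.available());
  } finally {
    // Release both streams even when init() or read() throws.
    scriptableStream.close();
    input.close();
  }

  // Locate the armour lines; the END marker must follow the BEGIN marker.
  const begin = pemText.indexOf(BEGIN_CERT);
  const end = begin === -1
    ? -1
    : pemText.indexOf(END_CERT, begin + BEGIN_CERT.length);
  if (begin === -1 || end === -1) {
    throw new Error(
      `installCert: ${CertName} does not contain a complete PEM certificate block`
    );
  }

  // Join the wrapped lines into one contiguous base64 string.
  const base64Body = pemText
    .substring(begin + BEGIN_CERT.length, end)
    .replace(/\s/g, "");
  if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(base64Body)) {
    throw new Error(
      `installCert: certificate body in ${CertName} is not valid base64`
    );
  }

  certDB.addCertFromBase64(base64Body, CertTrust, "");
}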
// Exported as `main`; presumably the add-on SDK calls it when the add-on
// starts (confirm against the SDK documentation).
exports.main = function() {
  // Certificate file name, resolved by installCert against the add-on's data
  // directory.
  var bundledCaFile = "custom-ca.crt";
  // Trust string forwarded to the certificate database. NOTE(review): in NSS
  // trust-flag notation the three fields appear to be SSL, e-mail and object
  // signing, with "C" meaning trusted CA and "c" valid CA; confirm against the
  // certutil documentation and grant no more trust than the deployment needs.
  var trustFlags = "C,c,c";
  installCert(bundledCaFile, trustFlags);
};
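You can then deploy the add-on system-wide, for all profiles, using a global installation. Because the add-on installs a trusted root in every profile, the global extension directory and the bundled certificate file should be writable only by administrators: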
http://kb.mozillazine.org/Installing_extensions#Global_installation
A production example: https://addons.mozilla.org/en-US/firefox/addon/cacert-root-certificate/