2. Mozilla

This section describes the behaviour of all spin offs from the original Netscape browser. This includes in the security area Opera because Opera includes the crypto stuff in the same way like Netscape. This doesn't mean that Opera includes code from Netscape or Mozilla. Opera only operates in the same way and therefore we included it here.

2.1. General

2.1.1. Requesting a certificate

If you use a Mozilla-like browser and you want to request a certificate from an OpenCA-based PKI then you have to go to the public web interface and klick onto the User area. There you can choose an option request a certificate. After this you can choose between several options (see Figure 7.1).

You can choose the link for the automatic browser detection or more error proof the link for SPKAC-based requests. SPKAC is a special format defined by Netscape. This format is used by Netscape, Mozilla and Opera.

Please fill in your data at the next page. If you submit your data and the software finds no mistakes then you will see the data again. Please check them carefully to avoid additional work for your registration authority. If you now submit the form again then your browser generates a new private key and creates a new request with this key. This request will be send by your browser to the web server from your PKI.

Please print the last page or at minimum write down the displayed informations about the necessary procedure and the displayed serials. These serials are necessary to install the later issued certificate.

2.1.2. Installing a certificate

2.2. Mozilla

2.2.1. Backup a certificate

2.2.2. Signing Data

2.2.2.1. SecClab

Secclab is a XPCOM Component that implements some PKI functions. This sounds a little bit abstract but it is the official description from http://secclab.mozdev.org. In fact SecCLAB is a plugin which implements form signing.

All Mozillas from 1.0 to 1.6 and the modern Netscape version doesn't include the old crypto object from Netscape 4. The result is that your unable to sign form with these browsers. OpenCA needs this functionality to protect approved requests and to support X.509 based authentication. The plugin implements a new object class which replaces the old function signForm.

If you want to download or install the plugin from the homepage of SecCLAB then please notice that you must take care about the correct version. There are especially for Linux two different version - one for gcc3 and one for the old binaries. All new distributions use gcc3. Debian woody uses 2.95 and 2.96 (ia64). Only hppa (HP PA-RISC) uses gcc 3.0 but the plugin was only compiled for i386. After the installation you you have to quit Mozilla and start again. Please really quit Mozilla and not only close the used window (usually Ctrl-Q do the job). If you don't find the appropriate plugin in the download area then please check the installation area. There was some confusion with the gcc3 version for Linux.

2.2.2.2. WaMCom

2.2.3. Mozilla 1.0 and Netscape 6 and 7

2.3. Netscape 4

2.3.1. Backup a certificate

2.3.2. Signing Data

2.4. Opera