2. Mozilla

This section describes the behaviour of all spin offs from the original Netscape browser. This includes in the security area Opera because Opera includes the crypto stuff in the same way like Netscape. This doesn't mean that Opera includes code from Netscape or Mozilla. Opera only operates in the same way and therefore we included it here.

2.1. General

2.1.1. Requesting a certificate

If you use a Mozilla-like browser and you want to request a certificate from an OpenCA-based PKI then you have to go to the public web interface and klick onto the User area. There you can choose an option request a certificate. After this you can choose between several options (see Figure 7.1, “Request a certificate”).

You can choose the link for the automatic browser detection or more error proof the link for SPKAC-based requests. SPKAC is a special format defined by Netscape. This format is used by Netscape, Mozilla and Opera.

Please fill in your data at the next page. If you submit your data and the software finds no mistakes then you will see the data again. Please check them carefully to avoid additional work for your registration authority. If you now submit the form again then your browser generates a new private key and creates a new request with this key. This request will be send by your browser to the web server from your PKI.

Please print the last page or at minimum write down the displayed information about the necessary procedure and the displayed serials. These serials are necessary to install the later issued certificate.

2.1.2. Installing a certificate

2.2. Mozilla

2.2.1. Backup a certificate

2.2.2. Signing Data

There were several problems with Mozilla and signing in the past. The most problems should be fixed if you are using Mozilla 1.7+ or Firefox 0.9.3+.

2.2.2.1. Mozilla 1.7+ and Firefox 0.9.3+

These versions of Mozilla support the same technology like the old Section 2.3, “Netscape 4”. You must have the complete CA chain of a certificate and you must trust the CA certificate. If these requirements are meet then you can use a certificate to sign an HTML form. This is completely done in Javascript. No additional plugins are required.

2.2.2.2. Mozilla 1.0 to 1.6, Firefox up to 0.9.2 and Netscape 6 and 7

If you want to sign HTML forms with the old versions of the Mozilla browser then you must use Section 2.2.2.3, “SecClab”.

2.2.2.3. SecClab

Secclab is a XPCOM Component that implements some PKI functions. This sounds a little bit abstract but it is the official description from http://secclab.mozdev.org. In fact SecCLAB is a plugin which implements form signing.

All Mozillas from 1.0 to 1.6 and the modern Netscape version doesn't include the old crypto object from Netscape 4. This statement is correct for all Firefox up to and including 0.9.2 because Firefox uses the core code from Mozilla. The result is that your unable to sign form with these browsers. OpenCA needs this functionality to protect approved requests and to support X.509 based authentication. The plugin implements a new object class which replaces the old function signForm.

If you want to download or install the plugin from the homepage of SecCLAB then please notice that you must take care about the correct version. There are especially for Linux two different version - one for gcc3 and one for the old binaries. All new distributions use gcc3. Debian woody uses 2.95 and 2.96 (ia64). Only hppa (HP PA-RISC) uses gcc 3.0 but the plugin was only compiled for i386. After the installation you you have to quit Mozilla and start again. Please really quit Mozilla and not only close the used window (usually Ctrl-Q do the job). If you don't find the appropriate plugin in the download area then please check the installation area. There was some confusion with the gcc3 version for Linux.

If you want to sign something with a certficate then you must install the complete CA chain and you must trust the CA. The important thing is that you must trust the CA for email signing. We do not know what the signing of some data has to do with email signing but without this it does not work.

Note

It is strongly recommended to not use SecCLAB any longer because the actual Mozilla (1.7+) and Firefox (0.9.3+) versions include support for formsigning. SecCLAB was only necessary until the development team of Mozilla implemented the old feature from Netscape 4.
2.2.2.4. WaMCom

WaMCom should no longer be used because the actual versions of Firefox and Mozilla include all required components now include an up-to-date set of security patches.

2.3. Netscape 4

2.3.1. Backup a certificate

2.3.2. Signing Data

You must have the complete CA chain of a certificate and you must trust the CA certificate. If these requirements are meet then you can use a certificate to sign an HTML form. This is completely done in Javascript. No additional plugins are required.

2.4. Opera