[cryptography] really sub-CAs for MitM deep packet inspectors?

Harald Hanche-Olsen hanche at math.ntnu.no
Thu Dec 1 14:42:23 EST 2011


[ianG <iang at iang.org> (2011-12-01 16:43:59 UTC)]

> I'm just poking around, it seems that Certificate Patrol should keep
> the cert.
> 
> In Firefox
> 
> Tools / Add-ons / Certificate Patrol / Preferences / View Certificates
> / getting tired now / [...] / ... time for a stiff drink [...]

As an alternative, you can just go and get them backstage. There is a
file CertPatrol.sqlite in your profile directory. You can point
sqlite3 at it and muck around with sql commands until you find the
cert you want. There is only one table of note in there, helpfully
named "certificates". The columns themselves have helpful names, with
the cert column being of type blob. So I guess a few lines of python
might be the easiest way to extract it.

- Harald



More information about the cryptography mailing list