Re: Problems with Mozilla/Netscape PSM JavaScript API
Michael Ströder [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
> Ricardo Barroso wrote:
> > The problem is that the PKCS#10 that generateCRMFRequest() method returns fails to decode in the CA - and I know that is not a problem of my CA, and I've tested that with other CA. If I use the KEYGEN tag to create the PKCS#10 it goes all ok,
>
> 1. keygen tag does *not* generate a PKCS#10 request. It's a SPKAC request. That makes a difference!

Do you know if it's usual that CAs support Netscape Signed Public Key And Challenge (SPKAC)? What are the main differences between PKCS#10 and SPKAC?

> 2. A CRMF request may contain a PKCS#10 request. But it's more than that. Your CA has to handle CMP/CRMF. It might help if you tell us which CA product you're using.

I'm using an Entrust CA 5.1 and I've also used a very good on-line CA (that I recommend to everyone) to make some tests: http://pki.ssh.com:8080/enroll-form-start.html and the SPKAC generated works well there!

> > but despite that, when I try to install the certificate issued by one CA the importUserCertificates() also fails with and returns the fail code: 0x80004005 (NS_ERROR_FAILURE)...
>
> How are you sure that your CA returns exactly the right response?

Well, isn't it supposed!? I tried it with the 2 different CAs mentioned above... and they work very well with the IE requests. Have you already used the importUserCertificates() JavaScript method with success?

What I have done to get around that problem was to redirect the browser to a (.cer or .crt) file with the PKCS#7 certificate, and it works fine with Mozilla because it automatically asks if I want to install the certificate. I have also been trying to do that without the need to generate a file for each certificate, but I wasn't able to do that! Maybe if I do a script or cgi on the server side to return that with the correct MIME-type it works, but locally I can't do it!

Thanks to all the people who have or are trying to help me...

Best regards,
Ricardo Barroso

> Ciao, Michael.
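On the question of how PKCS#10, SPKAC and CRMF differ: the three nest differently in DER, so a decoder written for one rejects the others. The sketch below is an added example, not code from this thread or from Mozilla; it tells them apart by shape alone, following the ASN.1 in RFC 2986 (PKCS#10), RFC 4211 (CRMF) and Netscape's SignedPublicKeyAndChallenge definition. The function names are hypothetical and the sample blobs are constructed skeletons with dummy key and signature bytes, so nothing here verifies a signature.

```python
import base64
SEQUENCE, INTEGER, IA5STRING = 0x30, 0x02, 0x16   # ASN.1 universal tags

def read_tlv(buf, pos=0):              # -> (tag, content, next_pos) for the element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(content):                 # (tag, content) pairs inside a constructed value
    out, pos = [], 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        out.append((tag, body))
    return out

def classify_request(data):            # data: DER bytes, or base64 text as str
    try:                               # malformed input raises and maps to "unknown"
        if isinstance(data, str):
            data = base64.b64decode(data)
        tag, outer, _ = read_tlv(data)
        first = children(outer)[0]
        if tag != SEQUENCE or first[0] != SEQUENCE:
            return "unknown"
        l2 = children(first[1])
        if l2[0][0] == INTEGER:        # PKCS#10: CertificationRequestInfo.version
            return "PKCS#10"
        l3 = children(l2[0][1]) if l2[0][0] == SEQUENCE else []
    except (ValueError, IndexError):
        return "unknown"
    if l3 and l3[0][0] == INTEGER:     # CRMF: CertReqMsg -> CertRequest -> certReqId
        return "CRMF"
    return "SPKAC" if len(l2) == 2 and l2[1][0] == IA5STRING else "unknown"  # SPKI + challenge

def tlv(tag, *parts):                  # DER-encode one element, to build the samples
    body = b"".join(parts)
    size, n = len(body), (len(body).bit_length() + 7) // 8
    head = bytes([size]) if size < 0x80 else bytes([0x80 | n]) + size.to_bytes(n, "big")
    return bytes([tag]) + head + body

# Constructed skeletons: real nesting, dummy key and signature bytes.
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")), tlv(0x05))
SPKI = tlv(0x30, ALG, tlv(0x03, b"\x00" + b"\xaa" * 140))
SIG = tlv(0x03, b"\x00" + b"\xbb" * 128)
SAMPLE_PKCS10 = tlv(0x30, tlv(0x30, tlv(0x02, b"\x00"), tlv(0x30), SPKI, tlv(0xA0)), ALG, SIG)
SAMPLE_SPKAC = tlv(0x30, tlv(0x30, SPKI, tlv(0x16, b"challenge")), ALG, SIG)
SAMPLE_CRMF = tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x02, b"\x01"), tlv(0x30))))
```

Running `classify_request` on the blob a browser actually produced, before submitting it, shows which decoder the CA endpoint needs to have.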
Re: PKCS12 decode validate bags failed
Zeke,

Zeke wrote:
> Hi. I have a one simple (?) problem. ;) When I try to export certificate to my smart card, like:
>
> pk12util.exe -d .\ -i good.p12 -h GemSAFE Smart Card
>
> I see error message:

How many certificates and keys does your P12 file contain ? And of what type (signing, encrypting, etc). How did you generate that P12 file ?

> pk12util: no nickname for cert...not handled
> pk12util.exe: PKCS12 decode validate bags failed: The user pressed cancel.
>
> What's wrong ?

Most likely :
- your p12 does not have a nickname for the certificate
- your certificate does not have a DN

NSS needs a nickname to import the certificate, and it doesn't have one. pk12util currently does not have a way to prompt the user for a nickname during the import phase, only for the export phase. You should open an RFE for this in bugzilla, component NSS / tools.

In the short term, you should try to regenerate your p12 file so that it has a nickname, or add a DN to your certificate.

--
Except for the lack of debugging and the ps thing, [Linux] kernel threads are generally fine right now. And if you're not too fussed about the more fiddly details of POSIX threads, and your application doesn't spend most of its time in thread creation, then LinuxThreads is great too.
Linux-Kernel archive