I have been trying to set up a private certificate authority so that I
can sign jar files used within the organisation I work at, for use in
Mozilla applications. I followed the steps on chapter 12 of the
O'Reilly Mozilla book, and ran into problems at the end when trying to
sign jar files. I then found articles in this newsgroup pointing out
errors in the text. So I followed the steps laid out in the draft
revision of that chapter http://certs.mozdev.org/cadraft.html), and I
still have problems.
Here are the steps I am doing:
mkdir CA
mkdir JAR
certutil -N -d CA
certutil -d CA -S -s CN=I2 root CA, O=I2 -n I2 -t ,,C -v 96 -x
-1 -2 -5
certutil -d CA -L
certutil -L -d CA -n I2 -a -o CA/root.cacert
pp -t certificate -a -i CA/root.cacert
certutil -d JAR -A -n I2 -t ,,C -i CA/root.cacert
At this point, according to the documentation on the webpage I should
have to enter a password, but instead the command completes without
asking for one. If I continue...
certutil -L -d JAR
certutil -d JAR -R -o JAR/req.txt -a -s CN=I2 signing cert, O=I2 -v
95
I get the following error:
certutil: unable to generate key(s)
: An I/O error occurred during security authorization.
I found articles in this newsgroup relating to this error, when the
key3.db and secmod.db file are deleted, but I have not been deleting
them.
What am I doing wrong? Hope someone can help!
Regards,
Neil