Re: Question about cert nickname
LiuPeng wrote: Does anybody know how to change a cert nick name? (The cert already in cert db file,and has an old nick name). NSS doesn't make that easy :-( In NSS, a nickname doesn't identify a cert, but rather identifies a Subject Name that may identify one or more certs. Two certs with the same subject name will/must have the same nickname in NSS. When a cert is imported into the certDB with a subject name that does not match the subject name of any cert already in the DB, then a nickname is created for that new subject name. You might get to choose the nickname, or it might be chosen automatically, depending on how it is imported. When a second or later cert with the same subject name is imported, it uses the same nickname that was previously associated with that subject name. P12 files often have nicknames in them. When you import a cert from a P12 file that has a nickname, then NSS will use the nickname in the P12 file unless there is already a cert with the same subject name in the cert DB. If there is already such a cert, then the nickname of that cert will continue to apply to all certs with the same subject name, and the nickname in the p12 file will be ignored (if I recall correctly). The only way to change the nickname on a cert is to delete ALL certs with that nickname from the cert DB, and then reimport them all. When you import the first cert, you may get to pick the nickname. Be sure not to delete a user cert (a cert for which you have the private key) unless you back it up first into a p12 file. Scott Rea wrote: I think the easiest way is to export the cert to a P12, delete from db, import the cert with nickname of your choice... If I recall correctly, when you export a cert into a .p12 file with mozilla, the nickname of that cert is also copied into the .p12 file. So, changing the name of a user cert can be tricky indeed. ___ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
Re: signtool 1.3
Rich Megginson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]... Rodrigue Butaye wrote: Everithing is working. I use the nss-3.8. I don't know why but in my netscape directory were two cert.db one cert7.db and one cert8.db. Right. The cert db format has changed with NSS 3.6 (or 3.7?). The new version will automatically convert any old cert7.db to the new cert8.db format. Yes - but signtool doesn't recognize cert8.db. How do you sign things now? Nick ___ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
listTokens
Does anyone know if there is some way to get a list of the available PKCS#11 tokens for a particular client using Javascript and XPCOM? If I do a keygen, I am prompted to choose one of the available tokens - basically I want to capture which token the user is selecting. The nsIPK11TokenDB interface in the @mozilla.org/security/pk11tokendb;1 class has a listTokens method but I cannot seem to get it to return anything. Any help would be most appreciated -Scott ___ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
Re: signtool 1.3
Hi, Yes - but signtool doesn't recognize cert8.db. How do you sign things now? The signtool furnished with nss3.8 recognizes the cert8.db I think(nearly sure). Rodrigue ___ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
Re: signtool 1.3
Nicholas Wright wrote: Yes - but signtool doesn't recognize cert8.db. How do you sign things now? If you get a full distribution of NSS 3.8, or build it yourself, the signtool will work with cert8.db . ___ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
Re: Question about cert nickname
Thank you for Nelson Bolyard. Nelson Bolyard [EMAIL PROTECTED] news:[EMAIL PROTECTED] LiuPeng wrote: Does anybody know how to change a cert nick name? (The cert already in cert db file,and has an old nick name). NSS doesn't make that easy :-( In NSS, a nickname doesn't identify a cert, but rather identifies a Subject Name that may identify one or more certs. Two certs with the same subject name will/must have the same nickname in NSS. When a cert is imported into the certDB with a subject name that does not match the subject name of any cert already in the DB, then a nickname is created for that new subject name. You might get to choose the nickname, or it might be chosen automatically, depending on how it is imported. When a second or later cert with the same subject name is imported, it uses the same nickname that was previously associated with that subject name. P12 files often have nicknames in them. When you import a cert from a P12 file that has a nickname, then NSS will use the nickname in the P12 file unless there is already a cert with the same subject name in the cert DB. If there is already such a cert, then the nickname of that cert will continue to apply to all certs with the same subject name, and the nickname in the p12 file will be ignored (if I recall correctly). The only way to change the nickname on a cert is to delete ALL certs with that nickname from the cert DB, and then reimport them all. When you import the first cert, you may get to pick the nickname. Be sure not to delete a user cert (a cert for which you have the private key) unless you back it up first into a p12 file. Scott Rea wrote: I think the easiest way is to export the cert to a P12, delete from db, import the cert with nickname of your choice... If I recall correctly, when you export a cert into a .p12 file with mozilla, the nickname of that cert is also copied into the .p12 file. So, changing the name of a user cert can be tricky indeed. ___ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
Missing nss libraries in Darwin tarball
Hi, I am attempting to build an application that requires the NSS libraries. When I downloaded the current tarball (version 3.8) for Darwin (OS X), the lib directory is empty. This is not the case in tarballs for other OSes. Where can I find the libraries already compiled for Darwin? If none are available, will they be built during compiling of the source? Thanks. ___ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
