back to 1997... :) we are performing partial CA server migration (Netscape CMS 1.01). Basicaly all we need from old server is signing key pair, stored in file C:\Netscape\Server\cms-nsca1\config\CASigningKey.db. This seems hard to do. There is one way:
a) obtain Netscape CMS 4.x and use their: <server_root>/bin/cert/tools/migrate/<platform> migration tool. If someone has this tools for x86 platform it would be great if he could provide us with them, thank. b) try with conversions; I replaced key.db and cert5.db in Netscape Navigator 3.01 with CASigningKey.db and ServerCert.db files and imported root CA certificate into cert file. Then I used new key.db and cert5.db with Netscape Navigator 4.79 and got key3.db and cert7.db files. II then used NSS 3.7 tools to try to extract the key pair and ran into this: C:\NSS\bin>dbtest -d C:\NSS\BIN\CA dbdir selected is C:\NSS\BIN\CA database checked is C:\NSS\BIN\CA/secmod.db database checked is C:\NSS\BIN\CA/cert7.db database checked is C:\NSS\BIN\CA/key3.db C:\NSS\bin>certutil -K -d C:\NSS\BIN\CA Enter Password or Pin for "NSS Certificate DB": <0> Signing-Key - this should be the right key - password worked C:\NSS\bin>pk12util -o keypair -d C:\NSS\Bin\CA -n "<ca_name>" Enter Password or Pin for "NSS Certificate DB": pk12util: no user certs from given nickname: Peer's public key is invalid. - we only need the keypair, without certificate... Any idea is wellcome; I am now trying MOZ2PEM... Have a nice day, Blaz