Paul wrote: > I got the tree by right-clicking on the certificate and selecting > "Open" in Windows.
In FireFox on Windows? or in Windows Explorer (file manager) ? or in Windows cert manager? or ? MS Windows has its own cert store and its own cert manager, which are completely separate from the ones used by mozilla products such as FireFox. AFAIK, no FireFox products ever list the cert chain with the leaf (EE) cert on top and the root cert on bottom, which makes me suspect that you might have been looking in NS Windows' software rather than FireFox's. > And yes, I got the contents of the my certificate db with certutil -L OK. > The good news is that there is a * beside "Thawte Code Signing CA" when > I do > > certutil -L -d . I'm not aware of any special significance of an asterisk in the output of NSS's certutil program. > Also, I was able to sign my code using a temporary certificate. How was that temp cert different from the other one? > However, when I do > > signtool -d . -k "Thawte Code Signing CA" -p "<pwd>" signed/ > > I get : > warning - can't find private key for this cert Right. You tried to sign using Thawte's CA cert, and you don't have the private key for that cert. > signtool: PROBLEM signing data (Unknown Issuer) That's strange. But I think it's irrelevant. The primary problem was not having the private key. -- Nelson B _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
