I have verified that "Thawte Premium Server CA" is built in (using certutil -L -d . -h all).
"Thawte Code Signing CA - Thawte Consulting cc" is not. I have the private key, but it's in a separate file. The only way I know of importing it into an NSS db is to convert the cert + key to a p12 file using IE. But certutil and pp both choke on my PKCS12 files - they both give me "improperly formatted DER-encoded message". They both work fine on my certs if I don't include the keys, i.e., if I export as DER or base-64, but then signtool can't find the private key (obviously). So my 3 hypotheses are: 1. That I need to get the Thawte Code Signing key 2. That I'm running into a known bug in NSS (see above) 3. The certificate is bad _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
