[EMAIL PROTECTED] wrote, On 2008-08-22 12:09: > On aug. 22, 19:43, Nelson B Bolyard <[EMAIL PROTECTED]> wrote:
>> What version of NSS are you using? > > nss 3.11.4 > nspr 4.6.4 > >> If you run the signtool program without any command line options, it outputs >> a page of "usage" information. The first non-blank line of that >> output looks like this: >> >> Signing Tool <VERSION> - a signing tool for jar files > > Signing Tool 3.11.4 Basic ECC - a signing tool for jar files Thanks for all the info. > You tell me if something is missing, see a bove the list > I have in the ms cert store this as well > > Issued To > VeriSign Class 3 Code Signing 2004 CA > > Certification path > VeriSign Class 3 Public Primary CA > VeriSign Class 3 Code Signing 2004 CA When you created the pfx, Microsoft's cert export wizard should have put that cert into the pfx file along with your code signing cert, but obviously it didn't. I know that the Windows' cert store is not one cert store but actually many (MANY) cert stores. I wonder if perhaps that cert is somehow in "the wrong one"? I'm not enough of a Windows cert store guru to tell you how to get that cert into your pfx file. > If this is what I need, should I export it as pfx and import it into > the nss db? You won't be able to export it (by itself) as a pfx file because you don't have the private key for that cert. If you can't get the pfx file for your own cert to include that cert also, then the alternative is to export that CA cert by itself as a .cer file, then import that file into your cert DB with certutil. >> I suggest you do these things: >> 1) download the Verisign CA cert for the CA that issued your code signing >> cert, and get it into your Windows cert store. Verisign should have a web >> page of instructions on how to do that somewhere. > > Not sure whether I know what it is, where to look for it and what is > the extension of this, and how to put it into the nss db? > Thanks When you have the CA cert in a file, you can import it with a command such as (wrapped here) certutil -d DB -A -n "VeriSign Class 3 Code Signing 2004 CA" -t ",," -i thefile.cer or certutil -d DB -A -n "VeriSign Class 3 Code Signing 2004 CA" -t ",," -i thefile.cer -a (if it's a PEM file) I think you know what I mean by "DB" and "thefile". _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
