On aug. 22, 21:38, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] wrote, On 2008-08-22 12:09: > > > On aug. 22, 19:43, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > >> What version of NSS are you using? > > > nss 3.11.4 > > nspr 4.6.4 > > >> If you run the signtool program without any command line options, it > >> outputs > >> a page of "usage" information. The first non-blank line of that > >> output looks like this: > > >> Signing Tool <VERSION> - a signing tool for jar files > > > Signing Tool 3.11.4 Basic ECC - a signing tool for jar files > > Thanks for all the info. > > > You tell me if something is missing, see a bove the list > > I have in the ms cert store this as well > > > Issued To > > VeriSign Class 3 Code Signing 2004 CA > > > Certification path > > VeriSign Class 3 Public Primary CA > > VeriSign Class 3 Code Signing 2004 CA > > When you created the pfx, Microsoft's cert export wizard should have > put that cert into the pfx file along with your code signing cert, > but obviously it didn't. > > I know that the Windows' cert store is not one cert store but actually > many (MANY) cert stores. I wonder if perhaps that cert is somehow in > "the wrong one"? I'm not enough of a Windows cert store guru to tell > you how to get that cert into your pfx file. > > > If this is what I need, should I export it as pfx and import it into > > the nss db? > > You won't be able to export it (by itself) as a pfx file because you > don't have the private key for that cert. If you can't get the pfx > file for your own cert to include that cert also, then the alternative > is to export that CA cert by itself as a .cer file, then import that > file into your cert DB with certutil. > > >> I suggest you do these things: > >> 1) download the Verisign CA cert for the CA that issued your code signing > >> cert, and get it into your Windows cert store. Verisign should have a web > >> page of instructions on how to do that somewhere. > > > Not sure whether I know what it is, where to look for it and what is > > the extension of this, and how to put it into the nss db? > > Thanks > > When you have the CA cert in a file, you can import it with a command such > as (wrapped here) > certutil -d DB -A -n "VeriSign Class 3 Code Signing 2004 CA" -t ",," > -i thefile.cer > or > certutil -d DB -A -n "VeriSign Class 3 Code Signing 2004 CA" -t ",," > -i thefile.cer -a > (if it's a PEM file) > I think you know what I mean by "DB" and "thefile".
Thank you, Nelson, that helped. Regards, giorgio71 _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
