Just tried creating the certificates database from scratch, importing
the root and intermediate certificates from Starfield (...), but no
success yet, Firefox still says "signing could not be verified. -260".
Here are the steps that I followed:
adri...@planck:~/Tmp$ mkdir empty_db
adri...@planck:~/Tmp$ cd empty_db/
adri...@planck:~/Tmp/empty_db$ nss-certutil -N -d .
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.
Enter new password:
Re-enter password:
adri...@planck:~/Tmp/empty_db$ ls
cert8.db key3.db secmod.db
adri...@planck:~/Tmp/empty_db$ nss-certutil -A -n "Starfield Class 2
Root" -i ~/Downloads/sf-class2-root.crt -d . -t "CT,CT,CT"
adri...@planck:~/Tmp/empty_db$ nss-certutil -A -n "Starfield
intermediate" -i ~/Downloads/sf_intermediate.crt -d . -t ",,c"
adri...@planck:~/Tmp/empty_db$ nss-certutil -d . -L
Certificate Nickname Trust
Attributes
SSL,S/
MIME,JAR/XPI
Starfield Class 2 Root CT,C,C
Starfield intermediate ,,c
adri...@planck:~/Tmp/empty_db$
adri...@planck:~/Tmp/empty_db$ nss-pk12util -i ~/Downloads/
COMPANY_code_signing_starfield.p12 -d .
Enter Password or Pin for "NSS Certificate DB":
Enter password for PKCS12 file:
nss-pk12util: PKCS12 IMPORT SUCCESSFUL
adri...@planck:~/Tmp/empty_db$
adri...@planck:~/Tmp/empty_db$ nss-certutil -d . -L
Certificate Nickname Trust
Attributes
SSL,S/
MIME,JAR/XPI
Starfield Class 2 Root CT,C,C
COMPANY LLC's Starfield Technologies, Inc. ID u,u,u
Starfield intermediate ,,c
adri...@planck:~/Tmp/empty_db$
adri...@planck:~/Tmp/empty_db$
adri...@planck:~/Tmp/empty_db$ nss-signtool -d . -l
Object signing certificates
---------------------------------------
COMPANY LLC's Starfield Technologies, Inc. ID
Issued by: Starfield intermediate
Expires: Mon Sep 19, 2011
---------------------------------------
For a list including CA's, use "signtool -L"
adri...@planck:~/Tmp/empty_db$
adri...@planck:~/Tmp/empty_db$ nss-certutil -V -n "COMPANY LLC's
Starfield Technologies, Inc. ID" -u O -d .
nss-certutil: certificate is invalid: Certificate type not approved
for application.
adri...@planck:~/Tmp/empty_db$
adri...@planck:~/Tmp/empty_db$ nss-certutil -O -n "COMPANY LLC's
Starfield Technologies, Inc. ID" -d .
"Starfield Class 2 Root" [OU=Starfield Class 2 Certification
Authority,O="Starfield Technologies, Inc.",C=US]
"Starfield intermediate" [serialNumber=10688435,CN=Starfield Secure
Certification Authority,OU=http://certificates.starfieldtech.com/
repository,O="Starfield Technologies,
Inc.",L=Scottsdale,ST=Arizona,C=US]
"COMPANY LLC's Starfield Technologies, Inc. ID" [CN=COMPANY
LLC,O=COMPANY LLC,L=Remsenburg,ST=NY,C=US]
adri...@planck:~/Tmp/empty_db$
adri...@planck:~/Tmp/empty_db$ mkdir XPI
adri...@planck:~/Tmp/empty_db$ unzip -d XPI ~/COMPANY.xpi
adri...@planck:~/Tmp/empty_db$ nss-signtool -d . -k "COMPANY LLC's
Starfield Technologies, Inc. ID" -X -Z COMPANY.xpi XPI
Generating XPI/META-INF/manifest.mf file..
[snip...]
Generating zigbert.sf file..
Enter Password or Pin for "NSS Certificate DB":
Creating XPI Compatible Archive
adding XPI/META-INF/zigbert.rsa to COMPANY.xpi...(deflated 34%)
[snip...]
Am I doing something wrong?
Thanks.
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
