Kai, In NSS builds marked as "Basic ECC", ECC may be used only for TLS/SSL. So it's possible that certutil cannot generate CSRs when the "Basic ECC" version of NSS is used.
In NSS builds marked as "Extended ECC", certutil should be able to generate CSRs. If not, it's a bug. You can read this wiki page for a recommended way to use a third-party ECC library with NSS: http://pki.fedoraproject.org/wiki/ECC_Capable_NSS Wan-Teh -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
