Patrick wrote: > > This is a repeat: > > I have a PKCS#11 hardware token that my NSS app interfaces with ( I have the > corresponding crypto module loaded in). However when I retrieve all my user > certs (CERT_GetCertNicknames) I get nicknames such as these > "80019705:570af896-c03b-40dc-b0c5-486960008089" for the cert on the hardware > token. The cert was installed on the token via an IE browser but I don't > think it makes a difference. I have used Communicator to install certs on > tokens, and the NSS nickname are unintelligible as well...Is there a way to > change a cert's NSS nickname? Why the funny nicknames? >
Well the reason for the funny nicknames presumably is the way IE uses PKCS#12 files and generates keys with things like Xenroll and how NSS converts the PKCS#12 file attributes into a nickname. By default when Xenroll creates a key container it uses a GUID which results in that weird string of digits. When this is exported as a PKCS#12 file the friendlyName attribute of the private key is the container name whereas the corresponding certificate is whatever it is set to (default blank) using the certificate wizard. Presumably the friendlyName translates into the nickname when the PKCS#12 file is imported. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage.
