Will NSS 3.4 allow the internal token to export any kind of certs?
"Robert Relyea" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
>
> Mike McIntosh wrote:
> > Ian, that is the problem.
> >
> > In fact, when I built the sources and debugged it I found it was failing
in
> > pkcs11.c (pk11_searchCerts, line 3980) checking the trust flags for
> > CERTDB_USER.
> >
> > I got this (temporary) test certificate from verisign and installed it
using
> > certutil tool. It's type is "Trusted Client CA". I notice the comment in
the
> > code that "we are only interested in permanment user certs here". Can I
not
> > use this for testing?.
> >
> > Thanks,
> > Mike
>
> If the private key is stored in your database, you can. When you used
> certutil to import it, it was imported as a non-user cert. You can fix
> this by explicitly setting the user bits (u,u,u) on the cert with the
> change trust flags.
>
> If you do not have the private key in your database, you cannot look up
> the cert with the PK11_FindCertByNickname call because the internal
> token only exports user certs in NSS 3.3 or earlier. That is not an
> issue in NSS 3.4.
>
> >
> >
> >
> > "Ian McGreer" <[EMAIL PROTECTED]> wrote in message
> > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> >
> >>Mike McIntosh wrote:
> >>
> >>>Hi,
> >>>
> >>>I am trying to use nss to provide SSL support for our server
application
> >>>
> > but
> >
> >>>I am falling at first hurdle.
> >>>
> >>>I used the certutil tool to add a certificate (verisign test
> >>>
> > certificate) to
> >
> >>>database and this was successful.
> >>>
> >>>I have used the sample code sslsample/selfserv as basis for code but I
> >>>
> > am
> >
> >>>having a problem accessing certificates via PK11_FindCertFromNickname
> >>>
> > (even
> >
> >>>in the samples).
> >>>
> >>>If I do the following :-
> >>>
> >>> nicknames = CERT_GetCertNicknames(CERT_GetDefaultCertDB(),
> >>>SEC_CERT_NICKNAMES_ALL, 0);
> >>>
> >>>this works and I can see the certificate nickname is there ok. However,
> >>>
> > when
> >
> >>>I do :-
> >>>
> >>>cert = PK11_FindCertFromNickname(nickname, password);
> >>>
> >>>it returns NULL.
> >>>
> >>>I suspect it may be related to the password callback function which is
> >>>
> > never
> >
> >>>being called. Is this normal?
> >>>
> >>You shouldn't need the password for locating a certificate. What is the
> >>trust of your cert? Are you sure it is a user cert (that is, you have
> >>the key for it in the same profile)?
> >>
> >>-Ian
> >>
> >>
> >>
> >
> >
>
