How do I verify the CKA_IDS for both certs and keys? ANd is this a common problem with PKCS#11 provider? I have a feeling the problem may be due to the PK!! library I'm using is not generic but made to work espcially with COmmunicator...
-- POC "Robert Relyea" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > Patrick wrote: > > Yes, certutil shows them, but only if I use the "-h all" option > > I noticed the trust flags show nothing (",,") however. Would that explaing > > why they don't get include in the return list? I'm calling > > CERT_GetCertNicknames with SEC_CERT_NICKNAMES_USER > > > > Also, certutil does not seem to use CERT_GetCertNicknames, instead it calls > > functions like PK11_GetAllTokens, PK11_TraverseCertsInSlot... > > Sounds like the private keys aren't properly linked to the certificates. > The CKA_ID's for the certificates need to match the CKA_ID's for the > private keys, otherwise NSS will not treat the certs as user certs. > > bob > > > > > -- POC > > > > "Ian McGreer" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED]... > > > >>Patrick wrote: > >> > >>>Does this function return nicknames of certs residing on a smartcard? I > >>>though it did, was working for me at one time... > >> > >>It does. > >> > >> > >>>I have the smartcard PK11 module loaded in secmod.db, and I'm using > >>>Get_DefaultCertDB for cert db handle, I have my password callback set > >> > > up, > > > >>>but the 2 certs on my card are not part of the return list...What am I > >>>missing? > >> > >> > >>Not sure. Do the certs show up using other means (certutil, e.g.)? > >> > >>-Ian > >> > >> > > > > > > >
