Sounds like there is a copy of your certificate in the internal database (cert7.db), and that's the one you got when you looked up your certificate (by nickname?).
In JSS 3.2 all certificates will be of type PK11InternalTokenCert, which implements both TokenCertificate and InternalCertificate. Patrick wrote: >I have one certificate residing on an external crypto token (hardware). I >can get info on the cert with X509Certificate methods, can use for SSL >client authentication, etc, but when I check if it's an instance of a >TokenCertificate, JSS says it isn't...If I cast my X509Certificate to a >TokenCertificate, JSS throws "java.lang.ClassCastException: >org.mozilla.jss.pkcs11.PK11InternalCert"... > >-- POC > > >
