I have been trying to set up a private certificate authority so that I can sign jar files used within the organisation I work at, for use in Mozilla applications. I followed the steps on chapter 12 of the O'Reilly Mozilla book, and ran into problems at the end when trying to sign jar files. I then found articles in this newsgroup pointing out errors in the text. So I followed the steps laid out in the draft revision of that chapter http://certs.mozdev.org/cadraft.html), and I still have problems.
Here are the steps I am doing: mkdir CA mkdir JAR certutil -N -d CA certutil -d CA -S -s "CN=I2 root CA, O=I2" -n "I2" -t ",,C" -v 96 -x -1 -2 -5 certutil -d CA -L certutil -L -d CA -n "I2" -a -o CA/root.cacert pp -t certificate -a -i CA/root.cacert certutil -d JAR -A -n "I2" -t ",,C" -i CA/root.cacert At this point, according to the documentation on the webpage I should have to enter a password, but instead the command completes without asking for one. If I continue... certutil -L -d JAR certutil -d JAR -R -o JAR/req.txt -a -s "CN=I2 signing cert, O=I2" -v 95 I get the following error: certutil: unable to generate key(s) : An I/O error occurred during security authorization. I found articles in this newsgroup relating to this error, when the key3.db and secmod.db file are deleted, but I have not been deleting them. What am I doing wrong? Hope someone can help! Regards, Neil
