Nelson B wrote:
Leigh,
Please review my summary below, and tell me if I've made any mistakes.
As I understand it, the very same certs and private keys work in all 3
versions of the browser (4.8, 6.x, and 7.x) when the certs are imported
into the DBs by the browser itself. That is, when the certs are
imported by the browser itself, the browser is able to do SSL client authentication with the test server.
Correct.
When the certs are loaded via NSS 3.8's pk12util, they work in NS7. NS7 works either way, whether the certs are imported by the browser or by pk12util.
Correct.
When the certs are loaded via NSS 3.6's pk12util, they do NOT work in either NS 4.8 or NS 6.x.
Correct.
If the above summary is correct, then I think we can conclude that there is nothing wrong with the certs themselves, but rather something about importing certs with NSS 3.6 creates a DB that is incompatible with NS 4.8 and 6.x, even though the name is the right name for those versions of the browser.
This seems a reasonable assumption.
> ... snip ...
So, let me suggest that you try using NSS 3.3, and see if that makes a difference. The NSS 3.3 sources are still available. There might even be binaries available on mozilla.org's ftp site.
I'll try this. Thank you again.
::Leigh (on a day off) [EMAIL PROTECTED]
