I use signtool 1.3 to sign html pages(with javascript). It works fine
with a generated object signing certificate.
How did you get out of your previous problems at this level ?
I don't have a problem to generate a fake certificate with signtool 1.3 like you had, but I used a db generated with Netscape 4 and a signtool dated from 1999.
In your description it seemed like you might have used signtools from nss-3.2.1 (released May 2001), which is probably not the same as the 1999's signtool 1.3 available from
http://developer.netscape.com/software/signedobj/jarpack.html.
As for signing the html, the page
http://www.mozilla.org/projects/security/components/jssec.html#signedscript
documents that the method you were using with the ARCHIVE tag is specific to netscape 4 and does not work anymore with Mozilla, and one should use the Mozilla methods instead with a jar: url.
Is this what you did to get out of this ?
But when I want to sign with
the real object signing certificate, signtool say's there's no certificate
in the db with this name. But when I list all the certificates it's in the
list(see below to see the command line).
[...] The nickname is a litte strange : "SPF Finances - FOD Financien's
GlobalSign nv-sa ID"
Maybe you could try exporting the cert with pk12util and reimport it controlling the alias to use a simpler one ?
