> LiuPeng wrote:

>>  Does anybody know how to change a cert nick name? (The cert is already in
>> the cert db file, and has an old nick name).

NSS doesn't make that easy :-(

In NSS, a nickname doesn't identify a cert, but rather identifies a
"Subject Name" that may identify one or more certs.  Two certs with
the same subject name will/must have the same nickname in NSS.

When a cert is imported into the certDB with a subject name that does
not match the subject name of any cert already in the DB, then a nickname
is created for that new subject name.  You might get to choose the
nickname, or it might be chosen automatically, depending on how it is
imported.

When a second or later cert with the same subject name is imported, it
uses the same nickname that was previously associated with that subject
name.

P12 files often have nicknames in them.  When you import a cert from a
P12 file that has a nickname, then NSS will use the nickname in the P12
file unless there is already a cert with the same subject name in the
cert DB.  If there is already such a cert, then the nickname of that
cert will continue to apply to all certs with the same subject name,
and the nickname in the p12 file will be ignored (if I recall correctly).

The only way to change the nickname on a cert is to delete ALL certs
with that nickname from the cert DB, and then reimport them all.
When you import the first cert, you may get to pick the nickname.
Be sure not to delete a "user cert" (a cert for which you have the
private key) unless you back it up first into a p12 file.

Scott Rea wrote:
> I think the easiest way is to export the cert to a P12, delete from db, import the cert with nickname of your choice...

If I recall correctly, when you export a cert into a .p12 file with Mozilla, the nickname of that cert is also copied into the .p12 file. So, changing the name of a "user cert" can be tricky indeed.

_______________________________________________
mozilla-crypto mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-crypto
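
The delete-and-reimport procedure from the first reply, as an added example that is not part of the thread: a shell function for certs that have no private key, assuming NSS `certutil` is on the PATH. The function name, the sample nicknames and the trust string are illustrative; it refuses user certs, which the replies above say need a p12 backup first.

```shell
# Added example (not from the thread). Assumes NSS certutil is on PATH.
# Usage: rename_nss_nickname DBDIR OLD NEW TRUST
#   e.g. rename_nss_nickname ./nssdb old-nick new-nick "CT,,"  (constructed values)
# TRUST is the trust-flag string to reapply; note it from `certutil -L -d DBDIR`
# before running this, because deleting the cert discards it.
rename_nss_nickname() {
    db=$1; old=$2; new=$3; trust=$4

    # Refuse user certs: they must be backed up to a p12 before deletion, and
    # (per the last reply) the p12 export carries the old nickname along.
    # Substring match on the key listing, so this errs on the side of refusing.
    if certutil -K -d "$db" | grep -qF -- "$old"; then
        echo "refusing: '$old' appears to have a private key; back it up with pk12util -o first" >&2
        return 2
    fi

    # Save every cert stored under the old nickname as PEM (-a = ASCII output).
    work=$(mktemp -d) || return 1
    certutil -L -d "$db" -n "$old" -a > "$work/all.pem" || return 1
    [ -s "$work/all.pem" ] || return 1

    # Hand certutil -A one cert per file, so split the PEM bundle.
    awk -v dir="$work" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (dir "/cert" n ".pem") }' "$work/all.pem" || return 1

    # Delete until no cert answers to the old nickname any more.
    while certutil -L -d "$db" -n "$old" > /dev/null 2>&1; do
        certutil -D -d "$db" -n "$old" || return 1
    done

    # Reimport. The first import creates the nickname for this subject name;
    # later certs with the same subject name end up under it as well.
    for f in "$work"/cert*.pem; do
        certutil -A -d "$db" -n "$new" -t "$trust" -i "$f" -a || return 1
    done
    echo "renamed '$old' to '$new'; PEM copies kept in $work"
}
```

Run `certutil -L -d DBDIR` afterwards to confirm that only the new nickname is listed and that the trust flags match what you recorded.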
