Thank you for Nelson Bolyard. "Nelson Bolyard" <[EMAIL PROTECTED]> ???? news:[EMAIL PROTECTED] > > LiuPeng wrote: > > >> Does anybody know how to change a cert nick name? (The cert already in > >> cert db file,and has an old nick name). > > NSS doesn't make that easy :-( > > In NSS, a nickname doesn't identify a cert, but rather identifies a > "Subject Name" that may identify one or more certs. Two certs with > the same subject name will/must have the same nickname in NSS. > > When a cert is imported into the certDB with a subject name that does > not match the subject name of any cert already in the DB, then a nickname > is created for that new subject name. You might get to choose the > nickname, or it might be chosen automatically, depending on how it is > imported. > > When a second or later cert with the same subject name is imported, it > uses the same nickname that was previously associated with that subject > name. > > P12 files often have nicknames in them. When you import a cert from a > P12 file that has a nickname, then NSS will use the nickname in the P12 > file unless there is already a cert with the same subject name in the > cert DB. If there is already such a cert, then the nickname of that > cert will continue to apply to all certs with the same subject name, > and the nickname in the p12 file will be ignored (if I recall correctly). > > The only way to change the nickname on a cert is to delete ALL certs > with that nickname from the cert DB, and then reimport them all. > When you import the first cert, you may get to pick the nickname. > Be sure not to delete a "user cert" (a cert for which you have the > private key) unless you back it up first into a p12 file. > > Scott Rea wrote: > > I think the easiest way is to export the cert to a P12, delete from db, > > import the cert with nickname of your choice... > > If I recall correctly, when you export a cert into a .p12 file with mozilla, > the nickname of that cert is also copied into the .p12 file. So, changing > the name of a "user cert" can be tricky indeed. >
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
