Hi Nelson,
thank you for looking into this.
I dont think its the extensions, as the certificate work well, if not stored in hw-token. Here is my CA:
Caronte,
This is a very interesting problem. Nothing in the certs you listed looks obviously wrong to me. The problem may have something to do with the specifics of whatever token and PKCS11 module you're using.
I invite you to register yourself and your email address with bugzilla.mozilla.org, and file a bug against the product "NSS", and attach to it these certs, and the info you've already provided. I think there's a much better chance of the problem being resolved that way. Old bugzilla bugs don't get fotgotten, but old newsgroup postings do.
Also, please add to your bug report any information about the particular token and pkcs11 module you're using.
I wish I had a PKCS11 test tool handy that would enumerate the objects on your token and the readable PKCS11 attributes for each one. That might help us figure this out.
We have numerous different crypto tokens here, and we store certs and keys on them, much as you do, and store the root CA cert in the software token, as you did, and it all works for us. So, the question in my mind is "what's different about your token/module than mine?"
If we can figure that out, there's certainly interest in fixing the problem, whatever it is.
/Nelson
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
