Andreas is ok - i use my gmx-account for spam trapping.
I did not have my personal cert in the software token, but it was infact deleted (wich may not erase all the data in the software token ???). I will try to create a new db and test again.
In the mean time I tried to reproduce with NSS-3.9 (used this to access my thunderbird-profile) to have useful information for opening a bug. There are some confusing messages but certutil 3.9 says, the cert is valid:
....\nss-3.9\bin>certutil -d "....\Thunderbird\Profiles\default\sf21vcat.slt" -V -n "OpenSC Card:/C=DE/CN=Andreas Marx/emailAddress=...." -u S unable to enumerate apps: Transmit failed pkcs15.c:595:: returning with: Transmit failed Failed to load profile: File not found Enter Password or Pin for "OpenSC Card": certutil: certificate is valid
Is there a way to find out, wich nss-version was used in the build?
In fact I will have to make my own build if I do not want to wait for a contributed build with nss-3.9
-- Andreas
Nelson Bolyard wrote:
Andreas Marx, a.k.a. caronte (?) wrote:
I dont think its the extensions, as the certificate work well, if not stored in hw-token. Here is my CA:
One more question.
At one time, NSS had some problems that occurred when the same cert appeared in multiple tokens. I wonder if that was affecting you.
I wonder if you originally had your personal cert and private key in the "software token", then you exported that key/cert to a PKCS12 file, and transferred it to the HW token, but it was still also in the software token.
Does that sound like a possible explanation?
I'd be interested in knowing if you can reproduce this problem with a new cert DB that has only your root CA cert in it, and an empty key DB.
/Nelson
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
