"Ohaya" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > "Nelson B" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Ohaya wrote: > > > > > Instead of 7.1, I download NS 6.1 from Netscape's archive website, since > > > according to this website, NS6.1 has PSM 2.0 integrated. > > > > > > I don't know if this is relevant, but with NS 6.1, I can import those > same > > > CA certs, and trust purposes are not cleared after the import... > > > > I'll bet it works with a brand new "profile" (brand new cert7.db and > > key3.db files in psm 1.x, too. > > I'll try with new files...
Nelson, Ok, I think that I've figured out what is going on. It turns out that what I thought was the CA's cert was actually a package of certs for the root CA and for several sub-root CAs. When downloaded via IE, it showed up as a .CER file, which kind of threw me off :(. Also during the PSM import thing, it displays just the name of one of the sub-root CAs, and it appears that when I check the purposes checkboxes, it is setting the purposes for just that one sub-root CA cert (i.e., not for the root CA cert, and not for any of the other sub-root CA certs). So, it looks like the server cert on the host that I was trying to connect to after I got these CA certs must've been issued by one of the other sub-root CAs, other than the one that gets displayed in PSM when I do the import. Unfortunately, I can't verify this until I get into the office, but I will test further tomorrow hopefully. Thanks for all of your help thus far. This has been very helpful!! Jim _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
