The output of the command "certutil -H" (the LONG help message), shows that the -C command does not take the -a option. That help output states that the -C requires that the CSR be BINARY. So, I'd like you to try this again, and remove the -a option from both of the above two commands, and maybe name the file csr.bin instead of csr.txt. That is, generate a binary CSR, and input a binary CSR.
The -a option came from the examples here: http://certs.mozdev.org/cadraft.html
Sigh.
As you will see below, using binary files fixed the problem.
It's not clear to me now whether the fix was a) using a binary CSR, or b) using a different name in some command, or c) both.
Maybe you can take over that documentation on mozdev and fix it.
Which documentation, the procedure for setting up certs or the procedure for compiling NSS.
Sorry, I meant the chapter on signing code in the "book" on mozdev.org.
Many people have been very confused and/or disappointed after reading that chapter and trying to get it to work. I first found out about that book after it was published, when MANY people started posting in this newsgroup, saying that the examples in the book don't work. Many of those people assumed (incorrectly) that that chapter of the book had been written by mozilla/NSS software developers, and learned that mozdev != mozilla. (They're separate groups.)
IMO, NSS has been more hurt than helped by that chapter. People have tended to imagine that if the book has that many problems, then the NSS software must also. :(
It would be very good if that section could be rewritten by someone who (a) understands how certs and private keys work, and (b) has the time and inclination to write it up so that others would also understand it. If you're interested, you should be able to find connections to the mozdev folks on their website. I'm willing to review pre-publication drafts for accuracy.
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
