Hello Julien, "Julien Pierre" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Ionut, > > Ionut Marasescu wrote: > > Hello everyone, > > We've developed a pkcs#11 module for our smartcard terminal and > > smartcard application. The smartcard contains 5 certificates (and > > corresponding private keys), so we implemented 5 slots. > > This isn't necessary. You could still have 5 certs and keys with the > same subject in a single slot. > > > We wanted to select > > one certificate for signing. > > Are you talking about S/MIME message signing ? Or SSL client auth ?
I'm talking about S/MIME message signing. > > Mozilla is not able to sign with the selected certificate (instead it uses > > the first one with the same subject displayed in the selection combo). If we > > set the slot names to be identical, it displays only one certificate (from > > the ones with the identical subject). > > > > We've imported two certificates with same subject in the Mozilla > > Software security device. They both appear in the Certificate Manager, but > > when trying to select one of them for the digital signature, we've observed > > that only one appears. At this point it seems to be a Mozilla issue. Does > > anyone know how to override this ? Or if it's a Mozilla issue, when (or if) > > it will be fixed ? > > > > We've tested with Mozilla 1.6 , 1.7 (releases) and Netscape 7.1, and the > > functionality is identical. > > > > We even declared the slots as software slots (we normally set the flag > > CKF_HW_SLOT), in order to observe all the calls that Mozilla normally makes. > > At some point Mozilla searches (C_findObjects) a certificate by using only > > the subject (which we know it's not unique), so it seems that our problem is > > related to this kind of search (it will be more convenient if the find will > > search by an unique atribute (like ca&serial number) instead of subject). > > > > Could you try to reproduce the problem with the software token instead > of your token ? > > To do this, export your 5 certs and keys to a PKCS#12 file (you may have > to generate new ones if the keys aren't exportable from your smartcard). > Then import the PKCS#12 file into the database in mozilla. > > Then, repeat what you are trying to do and see if you are able to sign > with a particular cert. We've already done this, and we have the same problem. As described in the original message: "We've imported two certificates with same subject in the Mozilla Software security device." and only one certificate appears in the certificate selection combo. We used two(and three) pkcs#12 files with different certificates having the same subject. Only one appears in the list. If I delete the certificate another one appears in the list (and I'm able to sign with it). _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
