I am trying to recover a CMS 4.2 system where the administrator certificate used to approve new requests has been lost. Yes, there was only one. I have thought of two approaches and can't seem to make the first work. Any help on why would be greatly appreciated as well as thoughts on approach 2.

Approach 1:
generate a new admin cert using certutil and add to admin user group in CMS.

tried certutil -R to create a binary certificate request file (successful)

tried certutil -C to create new binary certificate
(failed)
C:\iPlanet\Servers\bin\cert\tools>certutil -C -c cert-suncms -i newadmincertreq.bin -o newadmincert.bin -d ./
certutil: could not find certificate named "cert-suncms": security library: bad database.
certutil: unable to create cert (security library: bad database.)


I had copied the cert7.db and key3.db files to the tools directory to try this. Interestingly, attempting the above but pointed at the original certdir seems to find the named issued cert but still won't allow the signing.

Thoughts?


Approach 2 will be to try to recover the CA signing key and certificate from the old CA and build a new CA where we have admin certs and swap in the old key and cert. Certutil doesn't seem to support export but the pk12util tool may offer this. Anyone tried this on older cert7.db and key3.db files with success or will I have a problem here?



Thanks, Chris