Jean-Marc Desperrier wrote:
Kim, Ki Young wrote:
I found a problem when i imported a certificate using Mozilla(Firefox)
in the type of pkcs#12 file exported from MSIE.
The error message was "The certificate and private key already exist
on the security device".
Very strange. Usually, if you set a password, there is not problem to
import in that case. You can not use an empty password, as IE and
Mozilla don't agree about how an empty password should be handled.
The problem being reported is that the new cert/key are thought to
already exist in the DBs. Perhaps he has a cert with a public key
whose hash matches one in the DBs.
I think the only way to understand what's happening would require that
you post the p12 that doesn't import, after revoking it, or generating a
special test certificate with a validity of one day.
In NSS 3.10 Beta, the pk12util program has an option that lists the
content of a PKCS12 file (provided that you know the password).
It doesn't list the actual private key, so its output is safe to send.
NSS 3.10 Beta bits are expected to be on the ftp.mozilla.org site this
week.
But you should first check what happens when you test on a new profile.
That's a good idea too.
--
Nelson B
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
