Ronin,
Ronin wrote:
I saw all the issues about cert7/8.db and older/newer versions of Sun One and nss. My Sun One version is using cert7.db because it was upgraded from an older version using it. But, if I access to the web interface, cert8.db is created and used. My last try was to delete all certX.db and reimport everything using nss-3.9, creating only cert8.db. But the result is still the same! :(
As already said, I open the web interface, remove the CA imported with nss, reimport it through the interface... and it works.
Please do *not* use your own NSS binaries to manipulate cert databases in Sun products. Only the binaries built by Sun are supported. There are reasons for that.
In this particular instance, there was a backporting error of the cert8.db format into NSS 3.3.5 through 3.3.11 . Even though these versions of NSS generate cert db files named cert8.db, the code is not compatible with cert8.db files generated from NSS 3.7 and up . So, you may not be able to use NSS 3.9 to create cert8.db that will work in old Sun products that ship with NSS 3.3.x . The Sun cert8.db are readable by NSS 3.9, but as soon as they are written to with NSS 3.9, NSS 3.3.x will no longer be able to read it correctly.
To completely take care of this problem, you need to upgrade your Sun products to the versions recently released in Solaris 10 and the Java Enterprise System release 3 (2005Q1), which both ship with NSS 3.9.5 and use the standard cert8.db format.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
