Ram A Moskovitz wrote:

This works:
certutil -M -d ./ -n "a cert in cert8.db" -t w,w,w

This fails as designed (as the cert is not in the cert8.db file):
certutil -M -d ./ -n "a cert in P11 module and not in cert8.db" -t w,w,w

Did you specify the -n option argument as "tokenname:nickname"? Use the nickname string exactly as it appears in the output of certutil -L, complete with token name and : . That should work. It does work for certs in the root list. It should work for certs in any PKCS11 module, not only the root list. You must have readable/writable cert and key DBs, for this to work. The new trust for the cert gets written into the cert db.

--
Nelson B
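
The lookup described in the reply above, as an added example that is not part of the original message: it finds the exact "tokenname:nickname" string in a certutil -L listing so that it can be passed to -M -n. The listing, token name and nicknames are constructed sample data, and the helper names are hypothetical.

```shell
#!/bin/sh
# Added example: print the nickname(s) exactly as certutil -L lists them
# for a given bare nickname, including any "tokenname:" prefix.

# Constructed sample of `certutil -L -d . -h all` output (not real data).
sample_listing() {
cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Local Test CA                                                CT,C,C
Example Token:Example Root CA                                ,,
Example Token:Other CA                                       C,,
EOF
}

# qualified_nicknames BARE
# Reads a listing on stdin and prints every nickname that is either BARE
# itself (cert lives in the cert DB) or "<token>:BARE" (cert on a token).
qualified_nicknames() {
    awk -v want="$1" '
        # Keep only rows whose last field looks like trust flags ("CT,C,C", ",,").
        $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # drop the trust column
            sub(/^[ \t]+/, "", nick)                # drop leading padding
            n = length(nick); w = length(want)
            if (nick == want ||
                (n > w + 1 && substr(nick, n - w) == ":" want))
                print nick
        }'
}

# Against a live database (assumes NSS certutil is installed; -h all may
# prompt for token passwords):
#   certutil -L -d . -h all | qualified_nicknames "Example Root CA"
#   certutil -M -d . -n "Example Token:Example Root CA" -t w,w,w
```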