I already have the key3.db file in the same location where I am
generating the cert database as well as the server and CA cert files.
Can you please elaborate on how could I explicitly add the private key
? ( via certutil or any other method )
   --- Hiten.
You need access to the private key!
When your cert was generated initially, the private key for that certificate was placed somewhere (in NSS it's the key3.db used to generate the certificate request). You will need to go to that location an extract the private key (using pk12util for NSS, other libraries provide a similiar tool to extract pkcs12 files) and import it into your new cert and key database.

If NSS is not setting the 'u' bits it's because it can't find the private key for that certificate. Note: access to a certificate is not sufficient privellege to use that certificate. Certificates are public objects you (and do) can give away to other parties so they can validate you. Along with that certificate you usually provide some proof of possession of the private key (usually by a signature).


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to