I have spent quite some time trying to figure out this signing biz, but it seems like the signtool docs are still stuck in Netscape 4 land and so are nearly useless.
We were given a "p12" file from our CA. I assume that is by definition the certificate. The docs mention exporting a p12 file, but never importing one, yet the Mozilla cert manager only permits importing a file. So I tried that, and our cert appeared in the list. From the docs it appeared as if Signtool then uses the two db files to get the info it needs: cert7.db and key3.db which I moved over to the directory that has my projects. (Pointing signtool to the original directory with the db files caused it to crash, probably the directory name was too long and overflowed some buffer). Now I type in "signtool -l", and it both shows our certificate and the line "Error++ Unable to find issuer in certificate". I assume that means it cannot find a legal Verisign cert, but when I do a -L I clearly see that certificate as listed. I can create a temporary internal certificate and it works fine. what gives?
