suckerformimi wrote: > I can't tell if my certficate imported properly. When I open the > certificate it shows me the following certification chain: > SingShot Media > Thawte Code Signing CA > Thawte Premium Server CA
Out of curiosity, which tool shows the hierarchy like that, with the root at the bottom and the leaf at the top? > When I list the contents of my certificate DB I get > Thawte Code Signing CA c,c,C I gather that's the output of certutil -L . Yes? > Should I be seeing only the one certificate in the DB, or all three? > Shouldn't I at least be seeing our "SingShot Media" certificate? Ordinarily, certutil doesn't list the contents of the "built in" root cert module. To include the listing of built-ins, add "-h all" to your certutil -L command. I think that explains why you didn't see the root in the list. As for why you didn't see the leaf, I'd guess that the cert in question contains one or more critical extensions that are unknown to NSS. It used to be that NSS would not import a cert with unknown critical extensions. Now NSS will import it, but certutil will not display it. :-/ Could also be a consequence of this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=335021 > Also, I've searched all over looking for some documentation on certutil > and signtool. Is there any around? Start looking here: http://www.mozilla.org/projects/security/pki/nss/tools/index.html > Regards, > > Paul -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
