suckerformimi wrote:
> I can't tell if my certficate imported properly. When I open the
> certificate it shows me the following certification chain:
> SingShot Media
> Thawte Code Signing CA
> Thawte Premium Server CA

Out of curiosity, which tool shows the hierarchy like that, with
the root at the bottom and the leaf at the top?

> When I list the contents of my certificate DB I get
> Thawte Code Signing CA         c,c,C

I gather that's the output of certutil -L .  Yes?

> Should I be seeing only the one certificate in the DB, or all three?
> Shouldn't I at least be seeing our "SingShot Media" certificate?

Ordinarily, certutil doesn't list the contents of the "built in" root
cert module.  To include the listing of built-ins, add "-h all" to your
certutil -L command.  I think that explains why you didn't see the root
in the list.

As for why you didn't see the leaf, I'd guess that the cert in question
contains one or more critical extensions that are unknown to NSS.
It used to be that NSS would not import a cert with unknown critical
extensions.  Now NSS will import it, but certutil will not display it. :-/

Could also be a consequence of this bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=335021

> Also, I've searched all over looking for some documentation on certutil
> and signtool. Is there any around?

Start looking here:
http://www.mozilla.org/projects/security/pki/nss/tools/index.html

> Regards,
> 
> Paul

-- 
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to