Paul wrote: > Is it possible that the leaf didn't make it into the db? When I do > > > signtool -d . -k "SingShot Media" -p "mypwd" signed/
Yes, except that you have offered one piece of relatively strong evidence to the contrary, namely, that cert chain in your original post. If that cert chain was displayed by mozilla software (e.g. FireFox) then I'd say the cert must be in your cert DB (or else mozilla couldn't have displayed it). If that cert chain was displayed by some other software, e.g. Windows' own cert manager) then yes, it's possible that the cert is not in your cert DB. > I get : > > signtool: the cert "SingShot Media" does not exist in the database. Did your cert have an email address in it? If so, try substituting that email address for "SingShot Media" in the signtool command above. > Also, how can I check to see whether the cert contains any extensions? You apparently have certutil and signtool, two of NSS's numerous tools. What others do you have? And from what version of NSS do they come? If you have "pp" and if your SingShot cert is in a binary file, you can try pp -t certificate -i yourfile or if your cert is stored in a base64 encoded ascii file, you can try pp -t certificate -a -i yourfile -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto