Ahryman40k wrote: > "Nelson Bolyard" <[EMAIL PROTECTED]> a écrit
>> That string, "Issuer certificate is invalid", is NSS error code >> SEC_ERROR_CA_CERT_INVALID. It tells you that NSS thinks that the >> CA cert for the issuer that issued your code signing cert is not a >> valid object signing CA cert at all, e.g. it lacks the extensions >> necessary to mark it as a valid object signing CA cert. > > So this error code means it lacks me extentions to mark my certificate as a > valid object signing. The problem is not with your certificate, but with the certificate of the CA that issued your certificate. > How and where can i found this missing extentions ? You cannot get the CA to add the extensions to their certificate. > from the sample i have followed : > http://oy-oy.eu:80/huh/firefox-extension-code-signed-with-spc-pvk/ > There was differences after i have imported my certificate in my DB [snip] > For me, Thawte have these attributes "c,,c" and "c,c," > for him, Comodo have these attributes "CT,C,C", "c,c,C", "c,c,C" > What these attributes means ?? > Why there are these differences for certificate attributes after importation > ? Many "how to" documents for NSS tools have been written and published on the web. several of them contain errors. Consequently, the NSS team does not support any documentation except the docs on *.mozilla.org and perhaps on sun.com and redhat.com (where many of the NSS developers are employed). So, if you're getting unexpected results from following the example on a particular web page, you must ask the author of that page for support. > you say me this : > "except the root CA cert, which should already have a capital "C" trust flag > set." > > So, why my root CA ( "thawte" in my case ) don't have "C" trust flag set ??? > what's wrong about it ? Is it really a root CA? Or is it subordinate to another one of Thawte's root CA certs? /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
