Nelson B wrote:
[EMAIL PROTECTED] wrote:
I'm having a tricky problem. What I am trying to do is to add an
object signing certificate to the NSS database. This can be done using
certutil, yes. But this is a xulapp that uses nsINSSCertCache, which I
fear is causing problems.

You shouldn't be manipulating the cache directly.  I'm surprised that
it is even possible to do so.  Seems like a bug.
He's running a xulapp, which has the same privileges that the browser has. It's very different from JavaScript from a webpage.

This is not having the desired effect. The consequence is that the
database changes the certificate from 'u,u,u' to ',,,' when doing a
certutil -L. Which causes the certificate not to show up, and a host of
other problems that can be only solved by deleting the profile.
u,u,u means you have a private key associated with the cert. You will need to import a .p12 file.

The only way I have managed to get it to work is by adding my
certificate right after creating a certificate request, shutting down
my xulapp, relaunching and readding the certificate, shutting down and
relaunching again. Obviously, this is not very desirable for my users.
I don't know why this particular set of steps fixes it, but it does.

Very strange.  I'd guess it's due to the direct manipulation of the cache.
But that's a guess.
Are you issuing the certificate from the cert request? I suspect you need to use an 'Import user cert' call, though importing the cert to the correct 'token' should have caused those bits to be set correctly. NSS does have some 'self-healing' if the user bits do not get set correctly (that, perhaps, is why the reboots cause the cert to show up?). BTW, is this an RSA or DSA key?

bob
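
Added example, not part of the original thread: a check over `certutil -L` output that reports which expected signing certificates carry the `u` flag in the object-signing column, which the reply above ties to a private key being associated with the cert. The listing and nicknames are constructed for illustration.

```python
import re

# Constructed sample of `certutil -L -d <profile-dir>` output; nicknames are hypothetical.
SAMPLE_LISTING = """\

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Signing Cert                                         u,u,u
Example Broken Cert                                          ,,
Example Root CA                                              CT,C,C
"""

# A data row ends in three comma-separated flag fields (SSL, S/MIME, object signing).
# Nicknames may contain spaces, so the flags are anchored at the end of the line.
ROW = re.compile(r"^(.+?)\s+([A-Za-z]*),([A-Za-z]*),([A-Za-z]*)$")


def parse_listing(text):
    """Return {nickname: (ssl, smime, objsign)} for every certificate row."""
    certs = {}
    for line in text.splitlines():
        match = ROW.match(line.rstrip())
        if match:  # header and blank lines do not match
            nickname, ssl, smime, objsign = match.groups()
            certs[nickname] = (ssl, smime, objsign)
    return certs


def check_signing_certs(text, expected):
    """Classify each expected signing cert as ok, no-private-key or absent."""
    certs = parse_listing(text)
    report = {}
    for nickname in expected:
        if nickname not in certs:
            report[nickname] = "absent"
        elif "u" in certs[nickname][2]:
            report[nickname] = "ok"
        else:
            report[nickname] = "no-private-key"
    return report


if __name__ == "__main__":
    wanted = ["Example Signing Cert", "Example Broken Cert", "Example Missing Cert"]
    for name, status in check_signing_certs(SAMPLE_LISTING, wanted).items():
        print(f"{status:15} {name}")
```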

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto