On 2009-07-08 22:37 PDT, Michael Kaply wrote: > I'm importing a code signing cert into my database using pk12util, but > it gets assigned a random alias: > > e33eb463-ddba-4895-9469-bfdd01c71fe2
That's a Microsoft Windows GUID. The most likely cause of this is that you exported the cert and private key from an MS Windows cert/key store using Microsoft's PFX file creation wizard, and didn't give the certificate a nickname (which Microsoft calls a "Friendly name") first, so Windows assigned it a random GUID for its "friendly" name. (Not very friendly, I think). (PFX == PKCS#12, as you may know.) The simplest solution is to use Microsoft's cert manager and give the cert a friendly name in the cert store, then re-export it to a new PFX file. Then delete the cert with the old nickname from your NSS cert DB and then import the new PFX file. > Is there a way via the command line utilities to rename that to a more > human name? Not via NSS command line utilities. Alas. > I'm sure I did this in the past, but I can't find anything in the docs. Here are instructions on how to use MS Windows cert manager to give a certificate a "Friendly Name" and "Description". These work on XP, and probably on other Windows versions, too. a) In IE, go to the tools menu, and select "Internet Options". b) Click on the "Content" tab. c) Click on the "Certificates" button. d) Select the cert you want to export. Click the View button. e) click the Details tab. f) Click the "Edit Properties" button. g) Type in a "Friendly name". No ':' characters in it, please. h) Type in a Description, anything you like. i) Make sure that "Enable all purposes" is checked. j) Click OK to dismiss the Certificate Properties dialog. k) Click OK to dismiss the Certificate Detail dialog. Then export it to a new pfx file. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto