In order to describing my point clearly, please consider the below simple example.
1. Two certificates with same subject (CN=www.example.com) and different nicknames (respectively, example1 and example2). Both of them are in PKCS12 format. 2. Import the certificates to an existing database $ pk12util -i example1.p12 -d sql:exampledb -W 'example1pass' pk12util: PKCS12 IMPORT SUCCESSFU $ pk12util -i example2.p12 -d sql:exampledb -W 'example2pass' pk12util: PKCS12 IMPORT SUCCESSFU 3. List the certificates $ certutil -d sql:exampledb -L Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI example1 u,u,u example1 u,u,u Only nickname "example1" is listed. 4. Display certificate example1 $ certutil -d sql:exampledb -L -n example1 Here, in deed, certificate example2 is displayed. It looks a bug. Best regards, John Jiang 2018-01-31 13:07 GMT+08:00 John Jiang <john.sha.ji...@gmail.com>: > Hi, > I'm using NSS 3.35. > > With my testing, it is not allowed to import multiple certificates with > same subject and different nicknames to a certificate database via pk12util. > I just want to confirm this point. > > Best regards, > John Jiang > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto