TokenCertificate and InternalCertificate are interfaces, so they are not
mutually exclusive. Remember the NSS Certificate DB is itself a PKCS #11
token. Your certificate, since it has an associated private key, should be
both an InternalCertificate AND a TokenCertificate. Try checking with the
"instanceof" operator.
"Patrick O. Cesard" wrote:
> Hello,
>
> I'm using JSS 2.1 but have not found an easy way to delete a cert and
> its corresponding private key from my internal NSS cert and key DBs.
> There is a way to delete a cert from the store but to delete the private
> key you need the UniqueID. However it seems the UniqueID is available
> only for TokenCertificates (certs residing on a PKCS11 token) but not
> for InternalCertificates...
>
> -- Patrick
