Ian McGreer wrote:
>
> The real problem here is that the name is "alias-cert.db" not
> "alias-certX.db". Bob, do you know how this could be? I wasn't aware
> that NSS ever created the db's without a version number. That seems odd.
>
> -Ian
Actually, that's handled by the 3.2 code now. NSS checks to see if the
database is version 4 or version 5 explicitly if there is no version
number in the name. I believe the problem is that the -P flag wasn't
added until NSS 3.2. (BTW only version 3.2 knows how to handle the
various problems that plague 2.x and 3.x server created databases.
bob
>
> Carman, George wrote:
>
>> We tried using pk12util in nss 3.1.1 as follows:
>>
>> The database in writable directory:
>> ./alias-cert.db
>> ./alias-key.db
>>
>> ./pk12util -o outfile.p12 -d . -n nickname -P alias
>>
>> This just gives the usage help message.
>> Any suggestions on how to use the tool?
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>> Sent: Wednesday, July 11, 2001 5:50 PM
>> To: Carman George
>> Cc: '[EMAIL PROTECTED]'
>> Subject: Re: Migrating Private Keys and Certs from Netscape 3.5
>>
>>
>>
>>
>> Carman, George wrote:
>>
>>
>>> Hello,
>>>
>>> We have several Netscape 3.5 servers and we are trying to migrate their
>>>
>> keys
>>
>>> and certs to newer products. Is there a utility which can read the
>>> database for these older products?
>>> The files have names alias-cert.db and alias-key.db. There is no
>>>
>> secmod.db.
>>
>>
>>
>>
>>> Do the nss pk12util and certutil utilities understand these older
>>>
>> databases?
>>
>>> If so, example usage for export of the keys and certs would be
>>>
>> appreciated.
>>
>>
>>
>> Yes, sort of. They can update an old database into a new database
>> format. The latest versions of the utilities even understand the
>> server 'alias-' prefixes (they have options to handle them). If you
>> run them in a writeable directory the tools can create new
>> alias-cert7.db and aliad-key3.db's as well as a secmod.db on the fly,
>> before they start using operating on the files.
>>
>> iWS also has an admin interface that can update thes files.
>>
>> bob
>>
>>
>>
>>> Thanks,
>>> George
>>>
>>>
>>>
>>
>>
>
