About PKCS#11 and NSS: My NSS app was able to read a cert off a smartcard but *failed* to use it for SSL client authentication. I have used a couple of different PKCS#11 libraries with NSS, and the error message I get back are: "key not authorized for requested operation", or "unable to digitally sign data required to verify your certificate".
I then got hold of another version of same PKCS#11 lib (this version came as a sample DLL in card provider's SDK, and the documentation states: "Warning! The PKCS#11 library shipped with this distribution is different from the one shipped with commercial product, offering support for Netscape Communicator.". That version of the PKCS#11 lib *worked fine* with my NSS app: the app could read *and* use the cert for SSL client authentication. The thing I don't get is, what wouldn't the first version not work with my NSS app? Especially if it geared to work with Communicator, which *is* an NSS app! Have you experimented any with PKCS#11 modules, and their use in NSS? -- P
