Andrew Huntwork wrote:
> I'm having problems creating a certificate signed by a self-signed
> certificate using certutil. Here's how the self signed cert is generated:
>
> rm -f server_db/*
> certutil -N -d server_db
> certutil -S -d server_db/ -x -n cacert -t "TCP,TCP,TCP" -s "CN=Andrew
> Huntwork, O=Group 6, L=Tucson, ST=AZ, C=US" -1 -2 -5

should be -t "TCu,TCu,TCu"

I actually would have thought that wouldn't matter, that NSS would be
able to ascertain the cert was a user cert by locating its private key.
But apparently that is not the case; you must explicitly state that the
cert is a user cert.

> Properties:
> Cert signing key
> CA certificate
> path length -1
> SSL CA
>
> Here's how I'm attempting to create the new certificate:
>
> certutil -S cacert -d server_db/ -n servercert -s "CN=Andrew Huntwork,
> O=Group 6, L=Tucson, ST=AZ, C=US" -t u -c cacert

remove the first reference to "cacert" (after the -S) and this should
work.

-Ian

>
> Here's the error message I get after banging on the keyboard for a while:
> certutil: unable to find issuer with nickname cacert: Certificate
> extension not found.
> certutil: could not obtain certificate from file: Certificate extension
> not found.
>
> I downloaded the nss 3.3.1 source distribution from ftp.mozilla.org and
> built with:
> make nss_build_all
>
> Any help you could give in this respect would be much appreciated.
>
