(I e-mailed this to Wan-Teh Chang last night, but I will also post here since this is rather urgent. Thanks.)
I am trying to create a Netscape Object CA. I am having problems with getting signtool to approve certificates I create. Here I will try to outline my process:

Step 1 - Create blank database:

    certutil -N -d .

and set a password as "mozdev.org"

Step 2 - Create a root certificate:

    certutil -S -s "CN=mozdev.org" -n "root" -t ",,C" -x -d . -1 -2 -5

    "5" cert signing
    "9" to finish
    "n" when asked if it is critical
    "y" when asked if it is a CA cert
    enter when asked for path length
    "n" for not critical
    "7" object signing CA
    "9" to finish
    "n" when asked if it is critical

Step 3 - Create a signing certificate with a lifespan of 96 months:

    certutil -S -n "mozdev.org" -s "CN=mozdev.org" -c "root" -v 96 -t ",,C" -d . -1 -2 -5

    "5" cert signing
    "9" to finish
    "n" when asked if it is critical
    "y" when asked if it is a CA cert
    enter when asked for path length
    "n" for not critical
    "7" object signing CA
    "9" to finish
    "n" when asked if it is critical

*** Now, at this point, when I do a certutil -L -d . , I get two certificates named "root"! One should be "root", and the other should be "mozdev.org", from my understanding.

Step 4 - Use signtool to create a signed JAR:

*** I am using "root" instead of "mozdev.org" because it doesn't exist.

    signtool -d. -p"mozdev.org" -k"root" -Z"files.jar" files/
    signtool: PROBLEM signing data (Certificate not approved for this operation)

This is all the further I can get with these processes. I have tried so many different variables on this, but nothing seems to work. Many thanks for any help you can provide, as I am genuinely stuck.

Thanks,
Eric
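Added example, not part of the original post and not NSS code: a small Python model that replays the menu choices from Steps 2 and 3 and checks the two things the post runs into, the shared nickname and the signer being refused. It assumes that NSS files certificates with the same subject under one nickname and that object signing needs the digitalSignature key usage plus the Object Signing cert type; the "adjusted" subjects and menu choices 0 and 3 are constructed for illustration.

```python
from collections import Counter

# certutil's interactive menus set bit (0x80 >> choice). Choices 5 (cert
# signing) and 7 (Object Signing CA) are from the post; 0 (digital
# signature) and 3 (Object Signing) are assumed from the same menus.
KU_DIGITAL_SIGNATURE = 0x80 >> 0
NS_OBJECT_SIGNING = 0x80 >> 3

def menu_mask(choices):
    """Fold a list of numeric menu choices into one extension bitmask."""
    mask = 0
    for choice in choices:
        mask |= 0x80 >> choice
    return mask

def make_cert(nickname, subject, key_usage_choices, cert_type_choices):
    return {"nickname": nickname, "subject": subject,
            "key_usage": menu_mask(key_usage_choices),
            "cert_type": menu_mask(cert_type_choices)}

def signer_problems(cert):
    """Assumed object-signer rule: digitalSignature + Object Signing type."""
    problems = []
    if not cert["key_usage"] & KU_DIGITAL_SIGNATURE:
        problems.append("key usage lacks digitalSignature")
    if not cert["cert_type"] & NS_OBJECT_SIGNING:
        problems.append("cert type lacks Object Signing")
    return problems

def shared_subjects(certs):
    """Subjects used by more than one cert; these end up under one nickname."""
    counts = Counter(c["subject"] for c in certs)
    return sorted(s for s, n in counts.items() if n > 1)

# The two certificates exactly as the post creates them.
AS_POSTED = [make_cert("root", "CN=mozdev.org", [5], [7]),
             make_cert("mozdev.org", "CN=mozdev.org", [5], [7])]

# Constructed variant: distinct subjects, end-entity signer extensions.
ADJUSTED = [make_cert("root", "CN=Example Root CA", [5], [7]),
            make_cert("signer", "CN=Example Signer", [0], [3])]

if __name__ == "__main__":
    for label, db in (("as posted", AS_POSTED), ("adjusted", ADJUSTED)):
        print(label, "shared subjects:", shared_subjects(db))
        for cert in db:
            print(" ", cert["nickname"], signer_problems(cert) or "usable as signer")
```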
