In article <atdvj3$[EMAIL PROTECTED]>, [EMAIL PROTECTED] says... > Nelson B. Bolyard <[EMAIL PROTECTED]> wrote: > > liug wrote: > >> > >> How can I use the NSS tools to convert a openssl generated > >> key pem file to netscape key3.db ? > > > I believe there is some OpenSSL program that will create a .p12 file > > (a.k.a "PFX" file) from your key/cert. Mozilla can import the .p12 file. > > ok, here is what I did: > > 1) combine the key/cert pair in test2.pem > 2) convert the pem to p12 format > openssl pkcs12 -export -name Server-Cert -in test2.pem -out test2.p12 > 3) verify the "test2.pl2": > openssl pkcs12 -in test2.p12 -nodes > all looks fine, both key and cert. > (all bag attributes are there) > 4) now try to import it (I already have key3.db and cert7.db created). > pk12util -i test2.p12 -d . > it gives: > pk12util: PKCS12 decode validate bags failed: The user pressed cancel. >
Try including the complete certificate chain in the PKCS#12 file. Although I've not tried this recently but you may have problems if the certificate is self signed. Steve.
