Gerd Schering wrote:
Hi,
I apologize if my questions have already been answered, but I didn't find anything in the docs, faqs and archives.
1) I have three different certs from two distinct CAs. If I dump cert7.db with
./certutil -L -d $HOME/.mozilla/gerd4000/nzt72va1.slt
only two show up:
[EMAIL PROTECTED] ,p,
[EMAIL PROTECTED] u,pu,u
What do the u's in the second line mean?
That the cert is a user cert (you have a private key for it).
If I try to examine the certs with
./certutil -L -n [EMAIL PROTECTED] -d $HOME/.mozilla/gerd4000/nzt72va1.slt
only one cert gets displayed.
Where are the others?
The others are present, but when you do a search by nickname or email address, the most recent cert is returned. That is the one you see displayed.
2) I have two different public keys/certs for Alice, both from the same CA and (with regard to the v3 extensions) both suitable for encryption.
How does mozilla take its decision which one to use?
I believe it will use the newer cert.
When I send mail to Alice, Mozilla takes the first key/cert that shows up in the certificate manager, which is the "right" one, because the other key/cert was used for signing the email Alice sent to me.
Was I just lucky or does mozilla know about the use of the keys/certs?
If Mozilla/PSM couldn't figure this out, it wouldn't be a very useful S/MIME client :) Many deployments use the dual-cert (signing & encryption) model.
Both certs came with an email I received and were incorporated by mozilla to cert7.db
-Ian
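
The two answers in this thread (the newest cert wins a lookup, and the client tells signing certs from encryption certs) can be combined into one selection rule. The sketch below is an added example, not NSS/PSM code and not part of the original message: the certificate records, the address and the `select_cert` helper are constructed for illustration, and the validity-window check is an assumption that goes slightly beyond what the thread states.

```python
from datetime import date

# Constructed sample store: one address, dual-cert model (separate signing and
# encryption certs), plus an older and a not-yet-valid encryption cert.
CERTS = [
    {"serial": "01", "email": "alice@example.test",
     "key_usage": {"digitalSignature", "nonRepudiation"},
     "not_before": date(2003, 1, 10), "not_after": date(2005, 1, 10)},
    {"serial": "02", "email": "alice@example.test",
     "key_usage": {"keyEncipherment"},
     "not_before": date(2003, 1, 10), "not_after": date(2005, 1, 10)},
    {"serial": "03", "email": "alice@example.test",
     "key_usage": {"keyEncipherment"},
     "not_before": date(2002, 1, 10), "not_after": date(2004, 1, 10)},
    {"serial": "04", "email": "alice@example.test",
     "key_usage": {"keyEncipherment"},
     "not_before": date(2004, 6, 1), "not_after": date(2006, 6, 1)},
]

# Key usage bit each S/MIME operation needs from the peer's certificate.
NEEDED_USAGE = {"encrypt": "keyEncipherment", "verify": "digitalSignature"}


def select_cert(certs, email, purpose, today):
    """Pick the cert for `email` that fits `purpose`: filter by key usage and
    validity window, then prefer the most recently issued one."""
    needed = NEEDED_USAGE[purpose]
    usable = [
        c for c in certs
        if c["email"].lower() == email.lower()
        and needed in c["key_usage"]
        and c["not_before"] <= today <= c["not_after"]
    ]
    if not usable:
        return None
    return max(usable, key=lambda c: c["not_before"])


def selected_serial(email, purpose, today):
    """Convenience wrapper over the constructed store; returns a serial or None."""
    cert = select_cert(CERTS, email, purpose, today)
    return cert["serial"] if cert else None


if __name__ == "__main__":
    for purpose in ("encrypt", "verify"):
        print(purpose, selected_serial("alice@example.test", purpose, date(2003, 6, 1)))
```
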
