Melton,
You emailed me some output from a version of certutil or pp that is older than NSS 3.9.
What version of NSS are you using?
Do you get better results with NSS 3.9?
I started over from scratch, using NSS 3.9, creating the new databases in an empty directory. I still used the same certificates signed by the CA. I got the exact same results ("Peer's certificate has an invalid signature.").
Another clue perhaps. We have a java application that tries to do SSL with our CA (currently server authentication), and we get an exception saying that a trusted cert couldn't be found, even though we added the CA's self signed cert to the database and (we thought) set the trust correctly. Ultimately, we'll be doing client authentication with the certificate on the smart card.
So in other words, it might be a trust issue instead of a signature verification issue. If we can get the command line tools to work, we think the java app working. If you have any clues on why the command line tools are behaving this way, I'd appreciate it.
melton _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
