Thanks for reply. later on i did try pk12util and certutil before you gave this mail. First I used keytool to export the a specific alisa in keystore in storetype pkcs12. Then I used both pk12util and certutil for import this pkcs12 file. In case of certutil, it successfully import the cert, but when signing, there is error message says: cannot find private key. In case pk12util, import fails.
What's the right way? When use java keytool exports pkcs12 file, does it contains private key. Some source says difference. Anyone can help clear my mind? thanks. "Jean-Marc Desperrier" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > John wrote: > > The cert file is in pkcs12 format which I export from keystore using > > keytool. Then I try to import this file so the cert8.db is awared of the > > changes. Then using certificate in cert8.db to sign. > > > > I think signtool should be able to convert .cer file to .db file as keytool > > does. It does have one option -f <file>. > > This is done with the pk12util and certutil tools : > http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html > http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html > > You complain that you don't get answers, but it seem you didn't care to > read the answers to "Exporting RootCA's wallet from CMS 4.2" where you > would have found similar. _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto