On Fri, 29 Apr 2005 15:58:43 -0700, Julien Pierre wrote: > Ronin, > > Ronin wrote: > >> I saw all the issues about cert7/8.db and older/newer versions of Sun One >> and nss. >> My Sun One version is using cert7.db because it was upgraded from an older >> version using it. But, if I access to the web interface, cert8.db is >> created and used. >> My last try was to delete all certX.db and reimport everything using >> nss-3.9, creating only cert8.db. But the result is still the same! :( >> >> As already said, I open the web interface, remove the CA imported with >> nss, reimport it through the interface... and it works. >> > > Please do *not* use your own NSS binaries to manipulate cert databases > in Sun products. Only the binaries built by Sun are supported. There are > reasons for that. > > In this particular instance, there was a backporting error of the > cert8.db format into NSS 3.3.5 through 3.3.11 . Even though these > versions of NSS generate cert db files named cert8.db, the code is not > compatible with cert8.db files generated from NSS 3.7 and up . So, you > may not be able to use NSS 3.9 to create cert8.db that will work in old > Sun products that ship with NSS 3.3.x . The Sun cert8.db are readable by > NSS 3.9, but as soon as they are written to with NSS 3.9, NSS 3.3.x will > no longer be able to read it correctly.
Now is all clear, thanks a lot. > To completely take care of this problem, you need to upgrade your Sun > products to the versions recently released in Solaris 10 and the Java > Enterprise System release 3 (2005Q1), which both ship with NSS 3.9.5 and > use the standard cert8.db format. Is there a way to avoid upgrading? I think I could use the binaries built by Sun, as you said, but where can I find them? I use Sun ONE Application Server 7 Upgrade 4 on Linux platform. -- Ronin _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
