David,
David Stutzman wrote:
I am importing into a certdb the contents of a pl2 file using pk12util.
I am ending up with certificate nicknames that = the DN of the
certificates. I would like to change the nickname of some of these
certificates. I see there is no way to do this with certutil and there
is no way to specify this with pk12util. I see a bug
(https://bugzilla.mozilla.org/show_bug.cgi?id=72296) filed a long time
ago that talks somewhat about the issue.
Multiple certs with the same subject name aren't an issue.
The p12s were generated by a java application using an RSA toolkit. I
looked through the 900 and some page reference guide for that toolkit
and the only reference to friendly name was in a section defining
certificate attributes and it made a reference to PKCS9. Based on this
I'm unsure I'll be able to create P12s that will import more smoothly.
Is there any way at all (even programmatically) to change the nickname
in the db?
There is no API to do this directly, but it's possible. However, it'll
take some work. Try the following :
1) read and backup the DER cert (or certs, if you have multiple with the
same subject name) from the DB . There is a "SECItem derCert" field in
the CERTCertificate structure to get at it .
If you have trust, use CERT_GetCertTrust to save it also.
2) delete the cert(s) from the DB . Use SEC_DeletePermCertificate .
3) import the cert(s) with a new nickname . Use CERT_ImportCerts to do this.
If you have trust, use CERT_ChangeCertTrust to restore it .
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
