Dave Thank you for the detailed explanation. It all makes sense now.
You generated the key pair on a PC that didn't have the TPM chip. So the private key couldn't have been generated in the TPM chip, and when you generated it, mozilla (FF/TB/SM) didn't ask you which device you wanted to use to generate the keypair because, on that machine, there was no choice to be made. Now, you've imported the .p12 file onto the laptop, and we *think* that it's finally on the TPM, but I'd like to confirm that. Please redo the certutil list test,, e.g. certutil -L -h "Embedded Security Chip" -d X:/ThunderbirdProfile and see if you get a non-empty output this time, and if it shows that you have the private key in the TPM this time. (Be sure that Thunderbird is not running when you do that!) Thanks again, and best regards, /Nelson _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
