> Is that really the verbatim output of signtool -l? Does your self-signed
> cert have "Common Name - Organization" as its name?

That is correct, this is just a test self-signed cert.

> "security library: bad database" is a somewhat generic error you'll
> encounter when signtool fails to find a cert for signing. The first part
> of the error message actually indicates what the problem is: apparently
> you used "-k testcert" to specify the name of the cert, but there is no
> cert with this nickname in your cert database (if the output above is
> really what signtool -l shows, then you'd have to use -k "Common Name -
> Organization").

You are correct, and there was a misunderstanding on my part. When I
created the cert, I got an x509.cacert which I read
(http://web.archive.org/web/20060425194511/www.mozdevgroup.com/docs/pete/Signing-an-XPI.html)
was used to sign objects. I think this is
incorrect, and is the public key, not a private key.

If I got that part right, then when I loaded the x509.cacert into my
XUL application and tried to use signtool to sign an archive, it was
failing because I was trying to sign with a public key. So the error
it was giving me makes sense (now that you have explained it). But now
I am at a loss for my next step.

I have a CA certificate which is loaded into my XULRunner database; I
now need to sign an object file. I have read somewhere else (I can't
find the resource) that issuing a certificate request should get you
a certificate and private key. I am able to get the certificate (which
I guess I distribute), but not sure how to get the private key to sign
my object file. The CA doesn't do this to the best of my knowledge.

> Be very sure that no mozilla apps are running when you copy the cert
> and/or key DBs, or you will get corrupted results.

Yep, I made sure this wasn't the case.

Cesar

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
