Re: Signtool error message "No more entries..."

Wed, 01 Aug 2007 01:40:06 -0700 

Nelson,

  * Many thanks for the reply. I thought that "PvkTmp:
99ace907-0a0c-4066-bd60-751431d09f92" is too complex for the NSS and
tried to do something with it.
Problem was solved by changing friendly name of the cert. I added my
cert into IE certificates db, corrected field "friendly name" (the
only field that can be changed) into "BlaBlaBlaCert" that contains
only alphabetical symbols, no colons. Then I exported it into
same .pfx format and with new pfx-file signing was done perfectly.
 * I'm completely newbie to security and digital signing, but I'll try
my best to answer your questions.

> What version of NSS are they from?
 * I use nss 3-11

> 2) Do you have a crypto "module" or "token" or "smart card" configured?
> And is its name "PvkTmp" ?
> If you're not sure, then in the same directory where you did the above
> command, do this other NSS command and send us the output:
>     modutil -list -dbdir .
> If you find the string "PvkTmp" in that output, then you do have a slot
> or token by that name, otherwise you don't.
 * I'm not sure I understand what is crypto "module" or "token". Is it
a module that produces pfx-file with the certificate? Unfortunately,
I'm not creator of the certificate. Anyway, here the output (after
injecting my cert into db):

Using database directory ....

Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded

         slot: NSS Internal Cryptographic
Services
        token: NSS Generic Crypto Services

         slot: NSS User Private Key and Certificate
Services
        token: NSS Certificate DB

  2. Root Certs
        library name: ./nssckbi.dll
         slots: 1 slot attached
        status: loaded

         slot:
        token: Builtin Object Token
-----------------------------------------------------------


> 2) Prepend the name of NSS's built-in PKCS#11 software token to the
> nickname of your cert, e.g. instead of
>     -k "PvkTmp:99ace907-0a0c-4066-bd60-751431d09f92"
> try
>     -k "NSS Certificate DB:PvkTmp:99ace907-0a0c-4066-bd60-751431d09f92"
>
That works too. My cert also was successfully signed using this prefix

Suppose that information will help to improve NSS tools. Thanks again.

Vladimir

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to