Hi, I have a Verisign Digital ID Class 3 - Microsoft Software Validation v2 certificate, which I would like to use to sign my xpi.
I have followed the steps described on this page http://oyoy.eu/huh/firefox-extension-code-signed-with-spc-pvk/ Briefly 1., I use pvkimport to convert spc and pvk to pfx file 2., I use pk12util to create a new database and import the cert Verification certutil - L -d . lists my one and only cert signtool -L -d . lists all of the certs, but only mine has a * before the name When I try to use it with signtool, I get this ... Generating zigbert.sf file.. warning - can't find private key for this cert signtool: PROBLEM signing data (Unknown issuer) When I use the pvkimprt, I choose export the private key option, otherwise there is no possibility to create pfx file. I can successfully import the pfx into FF3. I do not get it where the private key should be..., and why the issuer is "unkown" Any help would be appreciated. TIA, giorgio71 PS, it might help - the result for pk12util -l my.pfx Enter password for PKCS12 file: Key(shrouded): Friendly Name: 2bee11b8-ca7d-4f71-b580-f72a581f84fa Certificate(has private key): Data: Version: 3 (0x2) Serial Number: 75:d4:6f:16:94:1d:8d:cf:07:7a:1a:d3:70:22:fa:b2 Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=VeriSign Class 3 Code Signing 2004 CA,OU=Terms of use at https://www.verisign.com/rpa (c)04,OU=VeriSign Trust Network,O="V eriSign, Inc.",C=US" Validity: Not Before: Tue Jun 24 00:00:00 2008 Not After : Sat Jun 27 23:59:59 2009 Subject: "CN="Global Knowledge Software, LLC",OU=OnDemand Software,OU =Digital ID Class 3 - Microsoft Software Validation v2,O="Global Knowledge Software, LLC",L=King of Prussia,ST=Pennsylvania,C=US" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: c3:bd:d1:c7:31:8f:cc:8f:05:e4:de:d4:be:02:16:c2: 34:a5:de:12:de:8f:63:30:c4:d7:ec:11:d4:e5:46:29: 97:99:59:70:8a:a5:8e:74:16:38:9a:73:f4:42:86:59: 6e:cc:40:2d:c4:f1:02:ad:4d:71:ac:e4:e6:85:59:76: 2d:9e:52:cf:fd:63:e9:f4:f0:48:fd:20:bc:34:a4:0c: 9f:e9:3c:91:e8:67:fe:8a:cb:0d:28:d0:5a:a6:93:0a: 08:48:0d:39:a8:19:aa:d1:9a:78:42:7b:b1:92:90:fb: 0b:3f:97:6a:a4:b0:2e:73:8c:50:69:0d:77:2d:8c:e5 Exponent: 65537 (0x10001) Signed Extensions: Name: Certificate Basic Constraints Data: Is not a CA. Name: Certificate Key Usage Critical: True Usages: Digital Signature Name: CRL Distribution Points URI: "http://CSC3-2004-crl.verisign.com/CSC3-2004.crl"; Name: Certificate Policies Data: Policy Name: OID.2.16.840.1.113733.1.7.23.3 Policy Qualifier Name: PKIX CPS Pointer Qualifier Policy Qualifier Data: "https://www.verisign.com/ rpa" Name: Extended Key Usage Code Signing Certificate Name: Authority Information Access Method: PKIX Online Certificate Status Protocol Location: URI: "http://ocsp.verisign.com"; Method: PKIX CA issuers access method Location: URI: "http://CSC3-2004-aia.verisign.com/CSC3-2004- aia.cer" Name: Certificate Authority Key Identifier Key ID: 08:f5:51:e8:fb:fe:3d:3d:64:36:7c:68:cf:5b:78:a8: df:b9:c5:37 Name: Certificate Type Data: <Object Signing> Name: OID.1.3.6.1.4.1.311.2.1.27 Data: Sequence { Boolean: False Boolean: True } Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Signature: 7a:ac:34:73:1b:58:7b:16:97:e0:b3:4e:df:b3:4b:55: c4:b8:ff:94:cc:de:13:88:6b:b9:c9:63:26:95:28:6f: ba:f3:f2:0e:90:af:8d:8c:90:ca:77:d0:79:17:a3:f6: d5:21:8b:de:a3:1a:25:54:54:81:15:1e:cc:f2:7d:ec: 91:ae:7a:69:58:58:09:33:84:9a:6e:e2:0d:6c:24:17: 94:39:25:76:1a:94:28:42:c4:69:ab:a3:63:65:44:cf: d2:56:10:ed:f6:85:23:b7:d8:86:49:57:ba:2a:cf:59: 00:57:2b:62:ac:7f:98:ea:7a:76:5c:ca:a6:99:74:28: 36:34:de:49:20:35:68:70:a9:77:19:e3:46:c7:02:2b: 0e:11:04:ee:3a:4c:49:ea:a4:c2:52:dc:76:3a:71:9b: 43:6e:cb:4b:4c:b6:96:ef:e5:26:19:17:da:35:ee:b9: bd:a1:5b:05:ba:cb:c3:52:2b:d3:ef:9c:c0:67:5f:89: 88:da:b9:b5:d2:0f:00:bf:8b:b7:25:6b:b9:8f:da:d3: 30:8e:05:54:36:79:d8:29:4e:2c:6c:99:8a:21:4c:f7: 96:1c:bd:04:e8:8c:11:4e:a5:df:65:e0:7a:2e:bb:50: 21:18:10:b9:7f:9f:0d:41:84:b3:bb:37:8a:0e:8b:84 Fingerprint (MD5): A7:E4:A5:07:22:E2:3C:D6:49:B4:16:F2:2F:41:7E:38 Fingerprint (SHA1): 78:D7:10:21:70:E9:C2:06:0D:F9:13:E6:E4:AC:BC:51:B8:EE:18:E0 _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
