Hi,

Hi you were correct, the trust was designated as Pu,Pu,Pu. Still

- NSS is 3.12 built on Windows XP, VS2003 + MozillaBuild
- NSS_ENABLE_ECC + NSS_ECC_MORE_THAN_SUITE_B with patched ecl-curve.h
(removed #error)

I will try to find the topic you mentioned.

Best regards,

Momcilo Majic

Nelson B Bolyard wrote:
> Momcilo Majic wrote, On 2008-08-25 13:03:
> 
>> I have created simple CA using ejbca. The root certificate is ECDSA based.
>>
>> 1. Than I've tried to create certificate request using certutil:
>> certutil -R -s "CN=TestECDSA" -o request.req -a -d database -k ec -q 
>> nistp192 -a
>> 2. I've uploaded resulting request to the EJBCA, signing and got cert.pem
>> 3. I've imported the resulting certificate
>> 4. Listing the keys still designates only one ec key with status orphan
> 
> What version of NSS did you use?
> 
> I'm having Deja vu here.  Did we discuss this a few weeks ago?
> 
> As I recall, some versions of NSS had a bug in the certutil -K command
> that caused it to report keys as orphans that were not orphans.
> However, the certutil -L command properly reported whether the private
> key corresponding to each cert was found (in the key DB) or not.
> 
> So, if you list your new cert with certutil -L, and you see the "u" trust
> flags (e.g. u,u,u) then you know that NSS has correctly matched up the
> key and the cert, and all is well, despite certutil -K's diagnosis.
> 
> If you're having this result with NSS 3.12.x, please let us know.
> Also, if you don't get the "user" trust flags when you list that cert,
> then let us know.  But the version of NSS is crucial.  Also, if you
> got your NSS from some (any) Linux distribution, let us know what
> Linux distribution you got it from.
> 
> Thanks.
> 
>> Does anybody knows how to establish relationship between 
>> request-key-certificate?
> 
> It should be entirely automatic.  You can't force it.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to