Hi, Hi you were correct, the trust was designated as Pu,Pu,Pu. Still
- NSS is 3.12 built on Windows XP, VS2003 + MozillaBuild - NSS_ENABLE_ECC + NSS_ECC_MORE_THAN_SUITE_B with patched ecl-curve.h (removed #error) I will try to find the topic you mentioned. Best regards, Momcilo Majic Nelson B Bolyard wrote: > Momcilo Majic wrote, On 2008-08-25 13:03: > >> I have created simple CA using ejbca. The root certificate is ECDSA based. >> >> 1. Than I've tried to create certificate request using certutil: >> certutil -R -s "CN=TestECDSA" -o request.req -a -d database -k ec -q >> nistp192 -a >> 2. I've uploaded resulting request to the EJBCA, signing and got cert.pem >> 3. I've imported the resulting certificate >> 4. Listing the keys still designates only one ec key with status orphan > > What version of NSS did you use? > > I'm having Deja vu here. Did we discuss this a few weeks ago? > > As I recall, some versions of NSS had a bug in the certutil -K command > that caused it to report keys as orphans that were not orphans. > However, the certutil -L command properly reported whether the private > key corresponding to each cert was found (in the key DB) or not. > > So, if you list your new cert with certutil -L, and you see the "u" trust > flags (e.g. u,u,u) then you know that NSS has correctly matched up the > key and the cert, and all is well, despite certutil -K's diagnosis. > > If you're having this result with NSS 3.12.x, please let us know. > Also, if you don't get the "user" trust flags when you list that cert, > then let us know. But the version of NSS is crucial. Also, if you > got your NSS from some (any) Linux distribution, let us know what > Linux distribution you got it from. > > Thanks. > >> Does anybody knows how to establish relationship between >> request-key-certificate? > > It should be entirely automatic. You can't force it. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto