Since you say you originally created the key/cert with openssl, just use openssl to package those things up into a PKCS#12 file and use pk12util to import them.
First, copy the text of the keyfile into the certfile or vice versa (or cat them both into a 3rd file), it doesn't matter as long as both are in the same file. Then run either of the below commands where file.pem is the file you just put the cert/key into. The second command allows you to put some CA certs into the PKCS12 should you so desire. The -name field ends up being the "Friendly name" and after you import using pk12util it will be the nickname that you use to reference the cert/key via NSS and the server products so choose wisely there. openssl pkcs12 -export -in file.pem -out file.p12 -name "Server-Cert" openssl pkcs12 -export -in file.pem -out file.p12 -name "Server-Cert" - certfile othercerts.pem then to import to NSS, this is usually enough: pk12util -i file.p12 -d [cert/key db location] then list the contents of your DB: certutil -L -d [cert/key db location] if you see 3 u's after the nickname then you did it right and the cert AND key are there: $ nsscertutil -L -d . Server-Cert u,u,u _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
