And now...
http://david.tiertant.com/installshield/007.jpg
This shows that I have to create the DBs using certutil -N -d . first or
I get the security authorization error when attempting to create the
certificate. So I delete the DBs, create new empty ones, then create a
certificate using trust flag ",,P" (also tried ",,C"), then it prompts
for the password for "NSS Certificate DB", which is presumably what I
typed in when doing certutil -N -d .
http://david.tiertant.com/installshield008.jpg
This shows that the certificate was created inside the database. I then
closed Mozilla products and ran signtool. -d was still causing problems,
but when I left it out, it complained with the same error. I think it
doesn't understand the directory "." which I'm sort of forced to use
because it doesn't like "-d ."
Maybe a newer version of signtool won't be such a little bitch about it.
David
David Tiertant wrote:
Interestingly enough, when I tried to include -d, signtool refused to do
anything other than spit out its syntax help. The process runs when
removing -d. It ends in an error (as you stated, probably related to
trust flags), but it runs. Could this be a bug in signtool? This is
shown below.
http://david.tiertant.com/installshield/006.jpg
David
I then closed my Mozilla apps and ran signtool -p"mypassword123" -k
mozillaCertificate .
That command seems to lack the -d "directory" option, telling signtool
the name of the directory in which to find the cert DBs. That will
generally not be the same directory as the directory containing the
contents of the JAR file being created.
It generated a bunch of files and then at zigbert.sf
signtool: PROBLEM signing data (Certificate not approved for this
operation)
the tree "." was NOT SUCCESSFULLY SIGNED
That's probably because of the trust flag issue I described above, but
could also be due to the absence of a -d option.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
