hawkinsconsult...@googlemail.com wrote, On 2009-05-01 00:25: > I am having a problem importing a certificate. I am using the > following commands > /blah/certutil -D -n "s1as" -d . > /blah/certutil -A -n "s1as" -t "u,u,u" -d . -i /tmp/blah.cer > > The problem is that it will not import the certificate with the > trustargs u,u,u when I do a list of the database it shows empty > trustargs > s1as ,,, > where is should show trustargs > s1as u,u,u > > Thanks Pete
Pete, the "u" trust flags are purely dynamic. They cannot be set by a command. They indicate that the key DB holds the private key corresponding to the public key in the certificate. If the private key is present, the "u" will show, and if it's not, the u will not show. It sounds like you need to import both the certificate and the private key. To do that, you should export the cert and private key into a PKCS#12 file (e.g. .p12 or .pfx) and then import that using pk12util, rather than certutil. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
