I'm trying to figure out a different behavior I'm seeing today vs. the NSS I was using about a year ago.

Basically, I have a code signing cert that contains a complete chain, and from my memory of importing it a year ago (and from looking at the DB files that I generated when I did that work), it has a copy of the Thawte Premium Server CA in the local DB with c,c,C.

It looks like this:

Brand Thunder                                                u,u,u
Thawte Code Signing CA - Thawte Consulting cc                ,,
thawte                                                       c,c,C

However when I import it using a current NSS, I just get this:

Brand Thunder                                                u,u,u
Thawte Code Signing CA - Thawte Consulting cc                c,,c


I know that something is wrong because when I try to sign an XPI in Firefox using the new database, I get:

signtool: PROBLEM signing data (Unknown issuer)


So it appears that my certificate doesn't like the built-in issuer in NSS. Based on my understanding, that is:

Builtin Object Token:Thawte Premium Server CA                C,p,C

The issuer of our cert is:

issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte Code Signing CA

The issuer of that cert is:

issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailaddress=premium-ser...@thawte.com



So I'm trying to figure out why the builtin Thawte Premium Server is not a valid issuer for our certificate?

Mike
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
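
The two database listings in the message above can be compared mechanically. The following is an added example, not part of the original message: it assumes the rows are `certutil -L` output (nickname, then SSL, e-mail and object-signing trust flags), parses both listings as copied from the post, and reports which rows changed and which carry the trusted-CA flag `C` for object signing. The function names are illustrative.

```python
import re

COLUMNS = ("ssl", "email", "object_signing")
# Flag letters as documented for certutil trust arguments.
FLAGS = {"p": "valid peer", "P": "trusted peer", "c": "valid CA",
         "C": "trusted CA", "T": "trusted CA for client auth", "u": "user cert"}
# Nickname, padding, then three comma-separated flag groups (any may be empty).
ROW = re.compile(r"^(?P<nick>.+?)\s+(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")

# Listings copied from the message above.
OLD_DB = """\
Brand Thunder                                                u,u,u
Thawte Code Signing CA - Thawte Consulting cc                ,,
thawte                                                       c,c,C
"""
NEW_DB = """\
Brand Thunder                                                u,u,u
Thawte Code Signing CA - Thawte Consulting cc                c,,c
"""

def parse_listing(text):
    """Map nickname -> {column: flag string} for each row of a listing."""
    db = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            db[m["nick"]] = dict(zip(COLUMNS, m["trust"].split(",")))
    return db

def describe(flags):
    """Spell out a flag string such as 'c' or 'C'; empty means no trust set."""
    return [FLAGS.get(f, "unknown flag " + f) for f in flags] or ["none"]

def trusted_cas(db, column):
    """Nicknames carrying the trusted-CA flag 'C' in the given column."""
    return sorted(n for n, t in db.items() if "C" in t[column])

def diff(old, new):
    """Rows that were added, removed, or changed trust between two listings."""
    return {n: (old.get(n), new.get(n))
            for n in sorted(old.keys() | new.keys()) if old.get(n) != new.get(n)}

if __name__ == "__main__":
    old, new = parse_listing(OLD_DB), parse_listing(NEW_DB)
    for nick, (a, b) in diff(old, new).items():
        print(nick, "|", a, "->", b)
    for name, db in (("old", old), ("new", new)):
        print(name, "object-signing trusted CAs:", trusted_cas(db, "object_signing"))
        for nick, t in db.items():
            print("  ", nick, describe(t["object_signing"]))
```

The listing only covers the local database; entries on the built-in token, such as the `Builtin Object Token:Thawte Premium Server CA` row quoted in the message, parse with the same pattern if appended.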
