----- Original Message -----
> Hello,
>
> I am using NSS 3.12.6. I am trying to add different certs (with
> slightly) different nickname in my db using certutil. However I
> found, that certutil adds them with the same nick name. I have about
> 130 certificates in database and it is happening on at least 5
> different certificates. What am I doing wrong?

Probably nothing. NSS, for better or worse, does not map nicknames to certs, but nicknames to subjects. All certs with the same subject will have the same nickname. If you are using the old database (dbm), that semantic is built into the database format. If you are using sqlite, it may be possible to trick NSS into setting a different nickname on the certificate, but even so, NSS will then reference both certs with both nicknames. The theory was certs with the same nickname mapped to the same personality. NSS would use the cert that was most appropriate for the operation (auth certs for SSL client auth, signing certs for object signing, etc). In practice applications typically 'know' which cert to use, so the semantic can get in the way, but it's already built in :(.

bob

>
> certutil -d <PATH TO DB> -A -i 1-OCIO_0x46EACCEC.cer -n
> '1-OCIO_0x46EACCEC' -t "c,c,c"
> Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
> -bash-3.2$ certutil -L -d <PATH TO DB> | grep -i OCIO
> 1-OCIO_0x46EACCEC c,c,c
> -bash-3.2$ certutil -d <PATH TO DB> -A -i 1-OCIO_0x4A61D147.cer -n
> '1-OCIO_0x4A61D147' -t "c,c,c"
> Enter Password or Pin for "NSS FIPS 140-2 Certificate DB":
> -bash-3.2$ certutil -L -d <PATH TO DB> | grep -i OCIO
> 1-OCIO_0x46EACCEC c,c,c
> 1-OCIO_0x46EACCEC c,c,c
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
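
Added example, not part of the original thread and not NSS code: a pre-import check that groups certificate files by subject, so you can see in advance which ones will end up under one nickname as described in the reply above. The function names and the sample subject DN are constructed for illustration; it assumes the openssl CLI is installed and compares the RFC 2253 text of the subject, which only approximates "same subject".

```shell
#!/bin/sh
# Added example: predict which certificate files will share an NSS nickname
# because they carry the same subject.

# Print "file<TAB>subject" for each certificate file given as an argument.
# Tries PEM first, then DER (.cer files are often DER-encoded).
cert_subjects() {
    for f in "$@"; do
        subj=$(openssl x509 -in "$f" -noout -subject -nameopt RFC2253 2>/dev/null) ||
        subj=$(openssl x509 -in "$f" -inform DER -noout -subject -nameopt RFC2253 2>/dev/null) ||
        { echo "skip: $f is not a readable certificate" >&2; continue; }
        # Drop the "subject=" label; the rest is compared as plain text.
        printf '%s\t%s\n' "$f" "${subj#subject=}"
    done
}

# Read "file<TAB>subject" lines on stdin and print every subject that is
# held by more than one file, followed by those files, in first-seen order.
subject_collisions() {
    awk -F '\t' '
        { n[$2]++; files[$2] = files[$2] "  " $1 "\n" }
        n[$2] == 1 { order[++k] = $2 }
        END {
            for (i = 1; i <= k; i++) {
                s = order[i]
                if (n[s] > 1)
                    printf "%d certs share subject: %s\n%s", n[s], s, files[s]
            }
        }'
}

# Constructed sample listing: the file names come from the thread, the
# subject DNs are invented placeholders.
sample_listing() {
    printf '%s\t%s\n' \
        '1-OCIO_0x46EACCEC.cer' 'CN=Example OCIO CA,O=Example' \
        '1-OCIO_0x4A61D147.cer' 'CN=Example OCIO CA,O=Example' \
        'other.cer'             'CN=Other CA,O=Example'
}

# Real use: cert_subjects *.cer | subject_collisions
sample_listing | subject_collisions
```

Any group this reports will be listed by certutil -L under a single nickname, whichever -n value was passed at import.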