In order to describing my point clearly, please consider the below simple
example.
1. Two certificates with same subject (CN=www.example.com) and different
nicknames (respectively, example1 and example2). Both of them are in PKCS12
format.
2. Import the certificates to an existing database
$ pk12util -i example1.p12 -d sql:exampledb -W 'example1pass'
pk12util: PKCS12 IMPORT SUCCESSFU
$ pk12util -i example2.p12 -d sql:exampledb -W 'example2pass'
pk12util: PKCS12 IMPORT SUCCESSFU
3. List the certificates
$ certutil -d sql:exampledb -L
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
example1
u,u,u
example1
u,u,u
Only nickname "example1" is listed.
4. Display certificate example1
$ certutil -d sql:exampledb -L -n example1
Here, in deed, certificate example2 is displayed.
It looks a bug.
Best regards,
John Jiang
2018-01-31 13:07 GMT+08:00 John Jiang <[email protected]>:
> Hi,
> I'm using NSS 3.35.
>
> With my testing, it is not allowed to import multiple certificates with
> same subject and different nicknames to a certificate database via pk12util.
> I just want to confirm this point.
>
> Best regards,
> John Jiang
>
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
