Closed
Bug 242633
Opened 20 years ago
Closed 17 years ago
certutil: unable to generate key(s) for a passwordless database
Categories
(NSS :: Tools, enhancement)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: timeless, Assigned: julien.pierre)
References
()
Details
./certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" -t ",,C" -x -d . -1 -2 -5 I generate the seed as requested, and then I get the following message: certutil: unable to generate key(s) : An I/O error occurred during security authorization. --- I've tried playing with this code and I can't figure out how to get pk11_handleObject /* don't create a private object if we aren't logged in */ if ((!slot->isLoggedIn) && (slot->needLogin) && (pk11_isTrue(object,CKA_PRIVATE))) { return CKR_USER_NOT_LOGGED_IN; } to play nice. I tried using isfriendly but that didn't work. I can't see any reason to require a password on the database, just to add a cert.
Updated•19 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
Updated•18 years ago
|
Assignee: wtchang → nobody
QA Contact: jason.m.reid → tools
Assignee | ||
Comment 1•17 years ago
|
||
I created a passwordless database too with : certutil -d . -N I could not reproduce the problem . [jp96085@monstre]/net/monstre/export/home/julien/nss/tip/mozilla/dist/SunOS5.10_i86pc_DBG.OBJ/bin 290 % ./certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" -t ",,C" -x -d . -1 -2 -5 A random seed must be generated that will be used in the creation of your key. One of the easiest ways to create a random seed is to use the timing of keystrokes on a keyboard. To begin, type keys on the keyboard until this progress meter is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD! Continue typing until the progress meter is full: |************************************************************| Finished. Press enter to continue: Generating key. This may take a few moments... 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish 0 0 - Digital Signature 1 - Non-repudiation 2 - Key encipherment 3 - Data encipherment 4 - Key agreement 5 - Cert signing key 6 - CRL signing key Other to finish 7 Is this a critical extension [y/N]? n Is this a CA certificate [y/N]? y Enter the path length constraint, enter to skip [<0 for unlimited path]: 1 Is this a critical extension [y/N]? n 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish 5 0 - SSL Client 1 - SSL Server 2 - S/MIME 3 - Object Signing 4 - Reserved for future use 5 - SSL CA 6 - S/MIME CA 7 - Object Signing CA Other to finish 8 Is this a critical extension [y/N]? n I did recreate the problem with no db at all, but that's not the same as a passwordless database - that's user error. Marking INVALID.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
Assignee | ||
Updated•17 years ago
|
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
Assignee | ||
Updated•17 years ago
|
Assignee: nobody → julien.pierre.boogz
Assignee | ||
Updated•17 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•