In signtool's function if the call to fails for any reason, signtool outputs the error message "the cert \"%s\" does not exist in the database" ^^^^^^^^^^^^^^^ This is misleading, because it may not have looked "in the database" AT ALL. The phrase "in the database" should be removed.
Correction: In signtool's function create_pk7, if the call to PK11_FindCertFromNickname fails for any reason ... See http://lxr.mozilla.org/security/source/security/nss/cmd/signtool/sign.c#270
Created attachment 274528 [details] [diff] [review] patch v1 This should do it
Comment on attachment 274528 [details] [diff] [review] patch v1 r+
Checking in cmd/signtool/sign.c; new revision: 1.13; previous revision: 1.12