using "sql/cert9 db" certutil cannot set trust on a new certificate created using a hardware token

Status: NEW
Product: NSS, Component: Libraries
Reporter: glen beasley, Assigned: Robert Relyea
Version: trunk, Platform: Sun Solaris
Firefox Tracking Flags: Not tracked
(Reporter)

Description

9 years ago
While testing the fix for bug 374247:

certutil -S -n NewCert5 -s "O=BLA,C=US" -h "scaFIPS" -t ,,, -x -d .
Enter Password or Pin for "scaFIPS":

...deleted text...

Generating key.  This may take a few moments...

certutil: could not change trust on certificate: The operation failed because the PKCS#11 token is not logged in.

---
the key and cert were generated
certutil -K -d . -h scaFips
certutil: Checking token "scaFIPS" in slot "scaFIPS"
Enter Password or Pin for "scaFIPS":
< 0> rsa      583003972b23ac4890166562f9b56ceb68dd489b   scaFIPS:NewCert5
certutil -L -d .

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

NewCert5                                                     ,,   


I got the same error for cert9 on another box with a sca6000 card where the token is not in FIPS mode.
Summary: using "sql/cert9 db" certutil is not able to successfully create a new certificate using a hardware token → using "sql/cert9 db" certutil cannot set trust on a new certificate created using a hardware token
(Assignee)

Updated

9 years ago
Assignee: nobody → rrelyea

Comment 1

7 years ago
I have a similar issue when adding a certificate to a HW token, after successful export of the key and signing by a CA:

[xxx@xxxxxxxx:] hw-nss$ certutil -h dev-xx-xx -d . -A -n test-hw-nss -t "p,p,p" -i test-hw-nss.crt
Enter Password or Pin for "dev-xx-xx": < then password entry >
certutil: could not change trust on certificate: The operation failed because the PKCS#11 token is not logged in.