certutil: unable to generate key(s)
Jay Hennessy
I've just downloaded the distribution of the NSS tools. I am trying to
create a CA to sign my own XUL applications. When I run certutil as follows:
./certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" -t ",,C" -x
-d . -1 -2 -5
I generate the seed as requested, and then I get the following message:
certutil: unable to generate key(s)
: An I/O error occurred during security authorization.
If anyone has any ideas I'd be grateful.
Jay
Jay Hennessy
12 of the new Mozilla book (http://books.mozdev.org) it suggests
deleting the key3.db and secmod.db files after creating the certificate
database. That was the problem - you mustn't.
Jay
Nelson B. Bolyard
> > I've just downloaded the distribution of the NSS tools. I am trying to
> > create a CA to sign my own XUL applications. When I run certutil as
> > follows:
> >
> > ./certutil -S -s "CN=my.domain, O=my.domain" -n "my.domain" -t ",,C" -x
> > -d . -1 -2 -5
> >
> > I generate the seed as requested, and then I get the following message:
> >
> > certutil: unable to generate key(s)
> > : An I/O error occurred during security authorization.
> >
> > If anyone has any ideas I'd be grateful.
Jay Hennessy wrote:
>
> In answering my own question: whilst following instructions in Chapter
> 12 of the new Mozilla book (http://books.mozdev.org) it suggests
> deleting the key3.db and secmod.db files after creating the certificate
> database. That was the problem - you mustn't.
Yes, it seems that NSS will not let you generate a key pair in a crypto
token (key DB, in this case) that has no password. If you deleted the
key DB after it was created, then when you ran certutil, it would
create another key DB, but the new key DB would have no password.
If the book you bought has any way to report errors to the authors,
please report this error to them. Thanks.
--
Nelson Bolyard
Disclaimer: I speak for myself, not for Netscape
Nelson B. Bolyard
Jay Hennessy
the bottom of the relevant Chapter (12).