the one in the file
certutil can import just certificate, keys need to be imported from PKCS#12
files
see pkcs12 man page for openssl utility that allows you to convert a PEM
format cert and key pair to a pkcs12 file
then use pk12util to import it to NSS database
can you explaine the keys you said in "keys need to be imported from PKCS#12 files" ?
it represent private key or the key needs when you install a p12 cert?
i have another question: when use certutil to create a nssdb, there will create cert9.db, key4.db and pkcs11.txt in home/nssdb/
and install cert an app need, and then if i cpoy those file to another pc, can it work ?
if can, the cert will no need to exist.
in fact i want to write cert into system store,
in windows i can use API CertOpenSystemStore,
but in linux, i can not.
the QCA (Qt Cryptographic Architecture ) surpport system store, i send my question to mail list of it, but no reply.
> 2, the cert i wrote has private key, like format follow:
> ------BEGIN CERTIFICATE-----
>
> ------END CERTIFICATE-----
> ------BEGIN EC PRIVATE KEY-----
>
> ------END EC PRIVATE KEY-----
>
>
> how can i to deal with it?
>
see above
> 3, can you help me to packaged the certutil tool into API function, then i
> can use it in my QT app?
sorry, I'm not familiar with C/C++ API of NSS, I can only suggest reading
sources of certutil, pk12util and online documentation here:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference
> but i use command "certutil -L -n nick-name", it reply "certutil: function
> failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in old,
> unsupported format."
you need to always specify the database using -d otherwise you're using the
default from ~/.netscape
Currently a user default database is stored in ~/.pki/nssdb
> how can i get the cert i wrote in?
>
>
>
> i use command ""certutil -L -a -n nick-name -d sql:./nssdb/"
> it display the cert content with not private key
to export the key you must use pk12util, there's no other standard NSS tool to
do that
> kelly