main/nss: Cannot import any certificate
Hi, I'm trying to import a X.509 certificate with its private key into Firefox and I cannot figure out how to do it, all I get is a message saying The PKCS #12 operation failed for unknown reasons
. If I try to import it using pk12util
, from nss-tools
, I get this:
$ pk12util -d /home/rst/.mozilla/firefox/2pj86lxs.Default\ User/ -i certificate.p12
Enter password for PKCS12 file:
pk12util: PKCS12 decode validate bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.
$
I have tried it both with a bona fide, legally valid certificate, and by generating my own, like this:
openssl req -new -x509 -nodes -out CA.crt -keyout CA.key -newkey rsa:4096 -sha256 -days 365
openssl req -new -out peticionA.csr -keyout claveprivadaA.key -nodes -newkey rsa:2048 -sha256
openssl x509 -req -in peticionA.csr -CAkey CA.key -CA CA.crt -days 60 -sha256 -out certificadoA.crt -CAcreateserial
openssl pkcs12 -export -out certificadoA.p12 -in certificadoA.crt -inkey claveprivadaA.key -CAfile CA.crt
I know this is no way to manage a PKI, but the fact is that I can import the resulting file into Firefox on Arch Linux, but there is no way to get it accepted by either Firefox or pk12util on Alpine. Any ideas?