Fix pkcs12 export The utility for exporting certs and keys to a PKCS12 file did not handle the signing certificate correctly. This is because the signing certificate was imported multiple times during the export process - either with its key (and key id set) or as part of the cert chain for the other system certs (with no key set). Each import would override the previous import - so whether or not the key_id was set would depend on the order in which the certificates were imported. This becomes an issue for import into a clone certdb, because in the new mechanism, we rely on the cert attributes (ie. key_id) to determine if a key is to be imported or not. We fix this by specifying whether the entry in the export should be overwritten or not. Please review, Ade _______________________________________________ Pki-devel mailing list Pki-devel(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-devel