Hello,
in the meantime i got it working. The problem was the
master CA setup: after instantating the ca the certs
have been replaced by the certs from another instance
- but the entires clone*.
privkey.id
had not been updated.
After recognizing this I only had to match the
(unsigned) output of certutil -K with the (signed)
params in CS.cfg. I did this by inserting some
"System.out.println" into
com.netscape.cmsutil.crypto.CryptoUtil
findPrivateKeyFromID() and patching the new
.class-File into the .jar-file. Watching the
catalina.out while trying to clone the ca gave then
all needed infos.
Another fresh install after that completed without
problems.
Yours,
Alexander Jung