Comment # 134
on bug 1173158
from Tripple Moon
(In reply to Gary Ching-Pang Lin from comment #131)
> Then try mokutil with it:
>
> # mokutil --import cert.der --root-pw
Thanks for the help effort, i might as well try it on this Tumbleweed install
im writing from and show results.
I still had a DER encoded certificate that was used in my Kubuntu setup before
my switch to suse.
This certificate was *successfully* used to automatically sign kernel modules
on that system while i was still running Kubuntu.
It is no longer enrolled on my system, but can be when needed from my backup.
> > mokutil --import MOK.der --root-pw; echo $?
> Failed to enroll new keys
> 255
> > openssl x509 -text -noout -inform der -in MOK.der
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> 20:20:07:07:08:09:46:5f:04:2d:ca
> Signature Algorithm: sha256WithRSAEncryption
> Issuer: CN = Secure Boot Module Signature key (OEM-MOK), O = TriMoon Inc., OU = Certs
> Validity
> Not Before: Jul 7 08:09:46 2020 GMT
> Not After : Jul 7 08:09:46 2050 GMT
> Subject: CN = Secure Boot Module Signature key (OEM-MOK), O = TriMoon Inc., OU = Certs
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> RSA Public-Key: (2048 bit)
> Modulus:
> XXXXXX
> Exponent: 65537 (0x10001)
> X509v3 extensions:
> X509v3 Subject Key Identifier:
> 7B:43:DC:5C:FF:86:D6:18:4B:AE:7B:25:48:0A:A9:1B:57:84:C6:D9
> X509v3 Authority Key Identifier:
> keyid:7B:43:DC:5C:FF:86:D6:18:4B:AE:7B:25:48:0A:A9:1B:57:84:C6:D9
>
> X509v3 Basic Constraints: critical
> CA:FALSE
> X509v3 Extended Key Usage:
> Code Signing, 1.3.6.1.4.1.2312.16.1.2
> Netscape Comment:
> OpenSSL Generated Certificate
> Signature Algorithm: sha256WithRSAEncryption
> XXXXXX
> > mokutil --list-new
> nothing shown...