(In reply to Gary Ching-Pang Lin from comment #131) > Then try mokutil with it: > > # mokutil --import cert.der --root-pw Thanks for the help effort, i might as well try it on this Tumbleweed install im writing from and show results. I still had a DER encoded certificate that was used in my Kubuntu setup before my switch to suse. This certificate was *successfully* used to automatically sign kernel modules on that system while i was still running Kubuntu. It is no longer enrolled on my system, but can be when needed from my backup. > > mokutil --import MOK.der --root-pw; echo $? > Failed to enroll new keys > 255 > > openssl x509 -text -noout -inform der -in MOK.der > Certificate: > Data: > Version: 3 (0x2) > Serial Number: > 20:20:07:07:08:09:46:5f:04:2d:ca > Signature Algorithm: sha256WithRSAEncryption > Issuer: CN = Secure Boot Module Signature key (OEM-MOK), O = TriMoon Inc., OU = Certs > Validity > Not Before: Jul 7 08:09:46 2020 GMT > Not After : Jul 7 08:09:46 2050 GMT > Subject: CN = Secure Boot Module Signature key (OEM-MOK), O = TriMoon Inc., OU = Certs > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public-Key: (2048 bit) > Modulus: > XXXXXX > Exponent: 65537 (0x10001) > X509v3 extensions: > X509v3 Subject Key Identifier: > 7B:43:DC:5C:FF:86:D6:18:4B:AE:7B:25:48:0A:A9:1B:57:84:C6:D9 > X509v3 Authority Key Identifier: > keyid:7B:43:DC:5C:FF:86:D6:18:4B:AE:7B:25:48:0A:A9:1B:57:84:C6:D9 > > X509v3 Basic Constraints: critical > CA:FALSE > X509v3 Extended Key Usage: > Code Signing, 1.3.6.1.4.1.2312.16.1.2 > Netscape Comment: > OpenSSL Generated Certificate > Signature Algorithm: sha256WithRSAEncryption > XXXXXX > > mokutil --list-new > nothing shown...