This content has been marked as final. Show 1 reply
Found the root cause for this one. The code which generated the RSA key for the cert was not quite right, and mismatched the certs and keys. When this happened it broke the NSS DB, because the association between the keys and certs got damaged, and Java could not access the DB reliably anymore. However, Java is still part of the problem, because it fails to check if the CKA_ID (NSS / PKCS11 Key ID), which is calculated from the RSA modulus inside the public key / cert and the private key, are properly matching or not.