This is in reference to new feature added in Tiger to create pkcs12 file.
Currently pkcs12 implementation in J2SE works well with all vendors,
for e.g. IE/Netscape/OpenSSL. However, NSS pk12util tool fails to accept it.
This problem is seen when pkcs12 file includes an entry with a
certification chain.

Description:
PKCS#12 is mainly used to deliver private keys with their associated
certificate chain. As per the PKCS12 specification, each entry includes
attributes, which are optional. Although existence of these attributes is
optional, it is needed to match the private key with the associated certificate.

Problem:
NSS pkcs12 implementation has certain requirements on the value of these
attributes. Other vendors *do not* impose these requirements.

Solution:
We need to update our pkcs12 implementation to work with NSS.