Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

certutil - Generate a new key.

39 views
Skip to first unread message

Matt Yakel

unread,
Apr 15, 2013, 5:34:31 PM4/15/13
to mozilla-dev...@lists.mozilla.org
Hi all, Is the "certutil" a linux tool only? I am needing to deploy
Local Security Certs to our work network (windows). I am trying to use
the FirfoxADM to deploy the local user profile settings. I need to get
our Office Trusted CA in the .cer form into the (cert8.db, key3.db,
secmod.db) files that the Firefox ADM template references. I am not sure
what that is or how to get the tools to convert them. I found the
following links.

http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

I kinds of understand the syntax of adding the parameter to the command.
But is this a Linux only tool? will it handle "*.cer" files?

I see that I can download the .tar.gz from here, but how do I install it?

http://www.mozilla.org/projects/security/pki/nss/tools/


Thanks any help is appreciated.

Robert Relyea

unread,
Apr 16, 2013, 2:01:58 PM4/16/13
to dev-tec...@lists.mozilla.org
On 04/15/2013 02:34 PM, Matt Yakel wrote:
> Hi all, Is the "certutil" a linux tool only? I am needing to deploy
> Local Security Certs to our work network (windows).

No, it can be built for pretty much any NSS supported platform. We use
it as part of the NSS tests. However, I know of no one who is
distributing a version of certutil other than on linux.
> I am trying to use the FirfoxADM to deploy the local user profile
> settings. I need to get our Office Trusted CA in the .cer form into
> the (cert8.db, key3.db, secmod.db) files that the Firefox ADM template
> references. I am not sure what that is or how to get the tools to
> convert them. I found the following links.
>
> http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html
>
> I kinds of understand the syntax of adding the parameter to the
> command. But is this a Linux only tool? will it handle "*.cer" files?
>
> I see that I can download the .tar.gz from here, but how do I install it?
>
> http://www.mozilla.org/projects/security/pki/nss/tools/

Unfortunately that page is about a decade old. Your best bet would be to
try to build NSS yourself on Windows:
http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-build.html

You'l find certutil in mozilla/dist/{platform}.OBJ/bin where {platform}
is something like WIN95_DBG or WINNT_OPT depending on your build
configuration.


NOTE: NSS has recently moved to HG, so there should be newer build
instructions sometime in the future (they may already be available), but
the link above should get you a reasonably up to date version of certutil.

bob

helpcrypto helpcrypto

unread,
Apr 19, 2013, 9:53:57 AM4/19/13
to mozilla's crypto code discussion list
On Tue, Apr 16, 2013 at 8:01 PM, Robert Relyea <rre...@redhat.com> wrote:

> On 04/15/2013 02:34 PM, Matt Yakel wrote:
>
>> Hi all, Is the "certutil" a linux tool only? I am needing to deploy Local
>> Security Certs to our work network (windows).
>>
>
> No, it can be built for pretty much any NSS supported platform. We use it
> as part of the NSS tests. However, I know of no one who is distributing a
> version of certutil other than on linux.


Some time ago, we obtianed a modutil and certutil exe's which actually
using in our software.


> I am trying to use the FirfoxADM to deploy the local user profile
>> settings. I need to get our Office Trusted CA in the .cer form into the
>> (cert8.db, key3.db, secmod.db) files that the Firefox ADM template
>> references. I am not sure what that is or how to get the tools to convert
>> them. I found the following links.
>>
>> http://www.mozilla.org/**projects/security/pki/nss/**tools/certutil.html<http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html>
>>
>> I kinds of understand the syntax of adding the parameter to the command.
>> But is this a Linux only tool? will it handle "*.cer" files?
>>
>> I see that I can download the .tar.gz from here, but how do I install it?
>>
>> http://www.mozilla.org/**projects/security/pki/nss/**tools/<http://www.mozilla.org/projects/security/pki/nss/tools/>
>>
>
> Unfortunately that page is about a decade old. Your best bet would be to
> try to build NSS yourself on Windows: http://www.mozilla.org/**
> projects/security/pki/nss/nss-**3.11.4/nss-3.11.4-build.html<http://www.mozilla.org/projects/security/pki/nss/nss-3.11.4/nss-3.11.4-build.html>
>
> You'l find certutil in mozilla/dist/{platform}.OBJ/**bin where {platform}
> is something like WIN95_DBG or WINNT_OPT depending on your build
> configuration.
>

Please, if you build using mingw, just let me know!


> NOTE: NSS has recently moved to HG, so there should be newer build
> instructions sometime in the future (they may already be available), but
> the link above should get you a reasonably up to date version of certutil.
>

Happy weekend!
0 new messages