
The certificate/key database is in an old, unsupported format.


Graham Leggett

Oct 14, 2015, 6:24:43 AM
to mozilla's crypto code discussion list
Hi all,

During a recent Firefox upgrade, all my digital certificates and keys vanished (as well as all saved passwords, but that is a separate problem).

The cert8.db and key3.db files are still there, however I am struggling to find a version of certutil that can read them. Using certutil from v3.14.3 (as provided by macports) I get the following:

Little-Net:tmp minfrin$ nss-certutil -L -d .
nss-certutil: function failed: The certificate/key database is in an old, unsupported format.

Can anyone confirm whether a mechanism exists to a) determine what format we have, and b) convert it to a format we can read?

Google reveals the --upgrade-merge option, however this also fails:

Little-Net:tmp minfrin$ nss-certutil --upgrade-merge --source-dir . -d . --upgrade-id local
nss-certutil: function failed: The certificate/key database is in an old, unsupported format.

Can anyone confirm what one needs to do to extract certs and keys out of cert8.db?

Regards,
Graham


RJT

May 23, 2016, 7:59:03 AM
to mozilla-dev...@lists.mozilla.org
On Wednesday, October 14, 2015 at 5:24:43 AM UTC-5, Graham Leggett wrote:
> Hi all,
>
> During a recent Firefox upgrade, all my digital certificates and keys vanished (as well as all saved passwords, but that is a separate problem).
>
> The cert8.db and key3.db files are still there, however I am struggling to find a version of certutil that can read them. Using certutil from v3.14.3 (as provided by macports) I get the following:
>
> Little-Net:tmp minfrin$ nss-certutil -L -d .
> nss-certutil: function failed: The certificate/key database is in an old, unsupported format.
>

Try prefixing with sql:
nss-certutil -L -d sql:${HOME}/.pki/nssdb

On a new CentOS 7 Linux machine, the same error occurs using certutil without indicating it is a database with the 'sql' prefix. The database is actually in a newer format. The "database" switched from flat files to Berkeley DB to SQLite, so sql:<DIRECTORY LEVEL PATH OF DATABASE> is needed. I am guessing the same error happens on the Mac, but I thought some distributions were making the new way the default way. I believe the switch to SQLite occurred with 3.12. Do not forget `man nss-certutil` and `man certutil`; they have examples.

https://wiki.mozilla.org/NSS:Roadmap#SQLite-Based_Shareable_Certificate_and_Key_Databases
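
An added example, not part of the original posts: one way to answer the "what format do we have" question before calling certutil is to check which database file is present and what its magic bytes say. The function names are hypothetical; the `sql:` prefix is the one from the reply above, `dbm:` is the NSS prefix for the legacy Berkeley DB files, and preferring cert9.db when both files exist is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: classify an NSS database directory by file name and magic bytes.

# Print the first N bytes of FILE as lowercase hex with no separators.
hex_head() {  # usage: hex_head FILE N
    od -An -tx1 -N "$2" "$1" | tr -d ' \n'
}

# Classify one database file: sqlite, bdb185 (legacy dbm hash), unknown or missing.
db_file_format() {
    [ -f "$1" ] || { echo missing; return; }
    # SQLite 3 files start with the 16-byte string "SQLite format 3\0".
    if [ "$(hex_head "$1" 16)" = "53514c69746520666f726d6174203300" ]; then
        echo sqlite
        return
    fi
    # Berkeley DB 1.85 hash files start with magic 0x00061561, in either byte order.
    case "$(hex_head "$1" 4)" in
        00061561|61150600) echo bdb185 ;;
        *) echo unknown ;;
    esac
}

# Print the -d argument certutil needs for directory DIR; return 1 if none fits.
nss_db_arg() {
    dir=$1
    if [ "$(db_file_format "$dir/cert9.db")" = sqlite ]; then
        echo "sql:$dir"      # SQLite store: cert9.db / key4.db
    elif [ "$(db_file_format "$dir/cert8.db")" = bdb185 ]; then
        echo "dbm:$dir"      # legacy store: cert8.db / key3.db
    else
        echo "no recognizable NSS certificate database in $dir" >&2
        return 1
    fi
}
```

With the functions sourced, `nss-certutil -L -d "$(nss_db_arg .)"` lists the certificates using whichever prefix matches the files on disk. The `dbm:` result only helps if the installed NSS build still includes legacy DBM support.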



