Mozilla "certutil -L" - List All Certificates in cert8.db

Q

How to list all certificates stored in the "cert8.db" file by Firefox 9? I know where "cert8.db" is located on my Windows 7 system.

✍: FYIcenter.com

A

If you want to list all certificates stored in the "cert8.db" file by Firefox 9, you can use the Mozilla "certutil -L" command as shown in this tutorial:

C:\fyicerter>\fyicerter\nss\bin\certutil -L 
-d C:\Users\fyicenter\AppData]Roaming\Mozilla\Firefox\Profiles\xxxx.default

GeoTrust SSL CA                                              ,,
Entrust Certification Authority - L1E                        ,,
Network Solutions Certificate Authority                      ,,
UTN-USERFirst-Hardware                                       ,,
DigiCert High Assurance CA-3                                 ,,
Google Internet Authority                                    ,,
Akamai Subordinate CA 3                                      ,,
USERTrust Legacy Secure Server CA                            ,,
Entrust Certification Authority - L1C                        ,,
VeriSign, Inc.                                               ,,

What you are getting from this tutorial:

  • "-L" option lists all certificates from the cert8.db file in the specified directory.
  • "-d C:\Users\fyicenter\...." specifies the directory where Firefox 9 stores the cert8.db file. You need your username in the path name and replace the xxxx part with the real value on your computer.

Note that Firefox only stores "Software Security Device" CA certificates in "cert8.db" file. Other "Builtin Object Token" CA certificates are built-in to Firefox. This is why we see more CA certificates in Firefox 9 Certificate Manager than the list from the cert8.db file.

2012-08-01, 10098👍, 0💬