Mozilla "certutil -A -i" - Add Root CA Certificate to cert8.db

Q

How to add a root CA certificate into "cert8.db" file using Mozilla "certutil" tool? I have exported a root CA certificate file in PEM format

✍: FYIcenter.com

A

If you want to add a root CA certificate into a "cert8.db" file from a certificate file, you can use the Mozilla "certutil -A -i" command as shown in this tutorial:

1. Run Firefox and start the certificate manager.

2. Click "Authorities", find "GeoTrust Global CA" and export it into "GeoTrust_CA.pem".

3. Run Mozilla "certutil" command below to import in your own cert8.db file:

C:\fyicerter>\fyicerter\nss\bin\certutil -A -d .\
-i GeoTrust_CA.pem -n "GeoTrust Global CA" -t "C,,"

C:\fyicerter>\fyicerter\nss\bin\certutil -L -d .\

GeoTrust SSL CA                                              ,,
GeoTrust Global CA                                           C,,

What you are getting from this tutorial:

  • "-A" command adds a certificate to the certificate database.
  • "-d .\" specifies the directory where the database, cert8.db, is located.
  • "-i GeoTrust_CA.pem" specifies the input root CA certificate file.
  • '-n "GeoTrust Global CA"' specifies a name for this certificate.
  • '-t "C,,"' specifies trust arguments: "trusted CA to issue server certs" for SSL category. No trust for email and object signing categories.

 

Mozilla "certutil -V" Command Options

Mozilla "certutil -A -i" - Add Certificate to cert8.db File

Using to Mozilla "certutil" Commands

⇑⇑ Mozilla "certutil" - Certificate Management Tool

2016-06-27, 47184👍, 2💬