Mozilla "certutil -V -u" - Validate Certificate in cert8.db

Q

How to validate a certificate stored in a "cert8.db" file using Mozilla "certutil" tool?

✍: FYIcenter.com

A

If you want to validate a certificate stored a "cert8.db" file, you can use the Mozilla "certutil -V -i" command as shown in this tutorial:

C:\fyicerter>\fyicerter\nss\bin\certutil -L -d .\

GeoTrust SSL CA                                              ,,
GeoTrust Global CA                                           C,,

C:\fyicerter>\fyicerter\nss\bin\certutil -V -d .\
-n "GeoTrust Global CA" -u V

\fyicenter\nss\bin\certutil.exe: certificate is valid

C:\fyicerter>\fyicerter\nss\bin\certutil -V -d .\
-n "GeoTrust SSL CA" -u V

\fyicenter\nss\bin\certutil.exe: certificate is invalid: 
   Certificate key usage inadequate for attempted operation.

What you are getting from this tutorial:

  • "-V" command validates a certificate stored in the certificate database.
  • "-d .\" specifies the directory where the database, cert8.db, is located.
  • '-n "..."' specifies a name for the certificate to be validated.
  • '-u V' specifies the type of certificate usage to be validated. "V" means to validate the certificate for usage of SSL server.
  • "GeoTrust Global CA" certificate passed the validation. But "GeoTrust SSL CA" certificate failed the validation. May be it should also be set with trust argument of "C (trusted CA to issue server certs)".

2012-08-02, 6492👍, 0💬