On Wednesday, October 14, 2015 at 5:24:43 AM UTC-5, Graham Leggett wrote: > Hi all, > > During a recent Firefox upgrade, all my digital certificates and keys > vanished (as well as all saved passwords, but that is a separate problem). > > The cert8.db and key3.db files are still there, however I am struggling to > find a version of certutil that can read them. Using certutil from v3.14.3 > (as provided by macports) I get the following: > > Little-Net:tmp minfrin$ nss-certutil -L -d . > nss-certutil: function failed: The certificate/key database is in an old, > unsupported format. >
Try prefixing with sql: nss-certutil -L -d sql:${HOME}/.pki/nssdb On a new CentOS 7 Linux machine, the same error occurs using certutil without indicating it is a database with the 'sql' prefix. The database is actually in a newer format. The "database" switched from flat files to Berkeley DB to sqllite, so sql:<DIRECTORY LEVEL PATH OF DATABASE> is needed. i am guessing the same error happens on the Mac, but i thought some distributions were making the new way, the default way. Believe the switch to sqllite occurred with 3.12. Do not forget `man nss-certutil` and `man certutil`, it has examples. https://wiki.mozilla.org/NSS:Roadmap#SQLite-Based_Shareable_Certificate_and_Key_Databases -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto