On Wednesday, October 14, 2015 at 5:24:43 AM UTC-5, Graham Leggett wrote:
> Hi all,
>
> During a recent Firefox upgrade, all my digital certificates and keys
> vanished (as well as all saved passwords, but that is a separate problem).
>
> The cert8.db and key3.db files are still there, however I am struggling to
> find a version of certutil that can read them. Using certutil from v3.14.3
> (as provided by macports) I get the following:
>
> Little-Net:tmp minfrin$ nss-certutil -L -d .
> nss-certutil: function failed: The certificate/key database is in an old,
> unsupported format.
>
Try prefixing with sql:
nss-certutil -L -d sql:${HOME}/.pki/nssdb
On a new CentOS 7 Linux machine, the same error occurs using certutil without
indicating it is a database with the 'sql' prefix. The database is actually in
a newer format. The "database" switched from flat files to Berkeley DB to
sqllite, so sql:<DIRECTORY LEVEL PATH OF DATABASE> is needed. i am guessing
the same error happens on the Mac, but i thought some distributions were making
the new way, the default way. Believe the switch to sqllite occurred with
3.12. Do not forget `man nss-certutil` and `man certutil`, it has examples.
https://wiki.mozilla.org/NSS:Roadmap#SQLite-Based_Shareable_Certificate_and_Key_Databases
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
