[usage snipped]I am trying to use pk12util tool to export certificates from the Netscape Certificate Store. I downloaded the sources and compiled those for Windows. I could use the program to Import certificates to the Netscape certifcate store. However, I am not able to figure out how to use this utility for exporting certificates.
The usage of the utility is as follows:
What do I have to pass as the parameter for option "-n". I couldn't figure out what the certname is? I can look at the Netscape preferences and look at the certificates that are currently there in the certificate store. I tried using the following command where "Anil" is the Subject Name of a certificate and get the following error.
pk12util.exe -o C:\Temp\Debug\ExportCert3.c -n "NSS Certificate DB:Anil"
c:\Anil\work\Nss\pk12util\Debug\pk12util.exe: find user certs from nickname failed: security library: bad database.
Hi Anil,
Here's some additional info that should be helpful.
First, since certificate subject names are often *very* long, NSS (mozilla's package of crypto libraries and utilitiy programs) gives certs "nicknames". To see the nicknames of the certs in your certdb, you need to build the program "certutil" and run it with the -L (list) option.
Second, all the NSS programs that use the cert database need to be told on the command line the name of the directory in which to find the DB files. They all use the -d option for this.
Third, you need to be sure that you're not running mozilla or any other program that uses the DBs when you run any of the NSS command line utilities on the DBs. The DB library that NSS uses corrupts DBs when more than one program accesses the DBs at the same time.
I suggest you exit your mozilla/Netscape browser, and then copy the cert*.db, key3.db and secmod.db files to another directory, say c:\temp\DBs and then use those copies for the command line tools.
certutil.exe -d C:\temp\DBs -L
will list the nicknames and trust flags for the certs in the DB. Let's say you find a cert with a nickname of "Anil's cert". Then, to export, you'd use a command something like this:
pk12util.exe -o C:\temp\Debug\ExportCert3.p12 -d C:\temp\DBs -k masterpw -w p12filepw
where masterpw is the password for your browser's key DB, and p12filepw is the password that will protect the newly created .p12 file.
The "NSS Certificate DB:" prefix should not be necessary. That's the default.
-- Nelson Bolyard
