Previously I wrote that one can create a PEM file containing all of Mozilla's trusted roots with a simple shell script. One can get a simple text list of those root certs' nicknames.
Here's a simple (?) shell script to do it. It uses NSS's certutil program. It first produces a text file containing a list of the root certs' nicknames in alphabetical order, then it creates a PEM file of matching contents.

    # List the built-in token's certs, keep only lines ending in trust flags,
    # strip the flags, wrap each nickname in double quotes, and sort.
    certutil -L -h 'Builtin Object Token' -d DB | \
      grep ' *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$' | \
      sed -e 's/ *[CcGTPpu]*,[CcGTPpu]*,[CcGTPpu]* *$//' \
          -e 's/\(.*\)/"\1"/' | sort > rootnicknames.txt

    # For each quoted nickname, write a header line and the cert in ASCII (PEM).
    # eval re-parses the embedded quotes so nicknames with spaces stay one argument.
    while read nickname; do echo ==== $nickname ====; \
      eval certutil -d DB -L -n "$nickname" -a ; \
    done < rootnicknames.txt > pemroots.txt 2>&1

If you remove the -a from that last command, it will give you a file of pretty-printed certs, from which you can extract subject names or serial numbers, etc.
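Added example, not part of the original post: because the loop above redirects 2>&1, a nickname that certutil fails to look up leaves error text in pemroots.txt where its PEM block should be. The sketch below checks that every "==== nickname ====" section holds exactly one complete certificate block before the file is used as a trust bundle; the function names check_pemroots and make_sample and the sample data are constructed for illustration.

```shell
#!/bin/sh
# check_pemroots FILE
# Prints the header nickname of every section that does not contain exactly
# one complete BEGIN/END CERTIFICATE block. Returns 1 if any section is bad.
check_pemroots() {
    awk '
        # Report the section just finished if its block count is wrong.
        function flush() {
            if (name != "" && (begins != 1 || ends != 1 || inblk)) {
                print name
                bad++
            }
        }
        # Header lines written by: echo ==== $nickname ====
        /^==== .* ====$/ {
            flush()
            name = substr($0, 6, length($0) - 10)
            begins = 0; ends = 0; inblk = 0
            next
        }
        # No trailing anchor, so a CR at end of line does not break the match.
        /^-----BEGIN CERTIFICATE-----/ { begins++; inblk = 1; next }
        /^-----END CERTIFICATE-----/ {
            if (inblk) { ends++; inblk = 0 }
            next
        }
        END { flush(); exit (bad > 0) }
    ' "$1"
}

# make_sample FILE
# Writes constructed sample data (not real certutil output): one good
# section and one section holding only an error message.
make_sample() {
    printf '%s\n' \
        '==== "Constructed Root A" ====' \
        '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' \
        '==== "Constructed Root B" ====' \
        'certutil: constructed error text, not real output' > "$1"
}
```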