That doesn't give me the list of nicknames in the Builtin Object Token, that just gives me the list of nicknames in the softtoken. (I doubt that nssckbi is supposed to include this...)

KyleMac:.netscape kyanha$ certutil -L -d . -h "Builtin Object Token"
[...]
StartCom Free Certificate Member's StartCom Ltd. ID u,u,u
[...]

Notably, modutil -list gives me this:

-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
     slots: 2 slots attached
     status: loaded

     slot: NSS Internal Cryptographic Services
     token: NSS Generic Crypto Services

     slot: NSS User Private Key and Certificate Services
     token: NSS Certificate DB
-----------------------------------------------------------

It does this regardless of whether I have libnssckbi.dylib (I'm on Mac OS X Leopard 10.5.6) in the profile directory. It also does this regardless of whether I have all of Firefox.app/Contents/MacOS/*.dylib in the profile directory. And it especially does this even when I'm in the profile directory.

The version of nss I'm using is @3.11.9 (net), provided by darwinports.

-Kyle H

On Tue, Dec 30, 2008 at 4:44 AM, David Stutzman <dstutz...@dsci.com> wrote:
> Kyle,
>
> Assuming your DBs are in the current directory:
> certutil -L -d . -h "Builtin Object Token" will list all of the nicknames
>
> Then you just add the -n "nickname" (and optionally -a to get base64) for
> each one like so:
> certutil -L -d . -n "Builtin Object Token:StartCom Certification Authority" -a
> -----BEGIN CERTIFICATE-----
> MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW
> MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg
> Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh
> ...
> <snip>
>
> I believe if you leave the -h "token name" part in, then your nicknames don't
> have to be prepended with the token name, but it's probably easier to script the
> way I did it above.
>
> Dave
>
> -----Original Message-----
> How do I get the certificates out of the builtin object token?
> certutil only appears to work on cert8.db and key3.db, modutil won't
> add libnssckbi.dylib (it gives me error -2804 if I try), and I can't
> figure out how I'm supposed to do it.
>
> (I hope I don't have to use the slow, cumbersome, and insanely
> laid-out Firefox certificate browser to do this.)
>
> -Kyle H
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
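
The per-nickname export suggested in the quoted reply, written out as a script; this is an added example and not code from either poster or from the NSS project. The helper names (list_nicknames, qualify, safe_name, export_all) and the .pem output naming are assumptions made here, and the script only produces builtin roots when the "Builtin Object Token" is actually loaded, which the modutil -list output in the top message shows is not the case on that setup.

```shell
#!/bin/sh
# Added example: batch form of `certutil -L -h TOKEN` + `certutil -L -n NICK -a`.
TOKEN="Builtin Object Token"

# Read `certutil -L` output on stdin and print one nickname per line.
# A listing row is "<nickname><spaces><trust flags>". Nicknames contain
# spaces, so only the final trust-flags column (e.g. "u,u,u" or "C,,") is
# stripped; header and "[...]"-style lines without that column are dropped.
list_nicknames() {
    sed -E -n 's/^(.*[^[:space:]])[[:space:]]+[pPcCTuw]*,[pPcCTuw]*,[pPcCTuw]*[[:space:]]*$/\1/p'
}

# Prefix the token name unless the listing already printed it
# (assumption: listings may come with or without the "Token:" prefix).
qualify() {
    case "$1" in
        "${TOKEN}:"*) printf '%s\n' "$1" ;;
        *)            printf '%s:%s\n' "$TOKEN" "$1" ;;
    esac
}

# Map a nickname to a file name containing only [A-Za-z0-9._-].
safe_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_'
}

# export_all DBDIR OUTDIR: write each certificate on the token as base64.
export_all() {
    mkdir -p "$2" || return 1
    certutil -L -d "$1" -h "$TOKEN" | list_nicknames |
    while IFS= read -r nick; do
        full=$(qualify "$nick")
        certutil -L -d "$1" -n "$full" -a > "$2/$(safe_name "$full").pem" ||
            echo "export failed: $full" >&2
    done
}
```

Calling `export_all . ./builtin-roots` from the profile directory matches the `-d .` usage in the thread.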