How to I import an SSL certificate into my own personal cert store?


  • List all certificates

certutil -d sql:$HOME/.pki/nssdb -L

  • List details of a certificate

certutil -d sql:$HOME/.pki/nssdb -L -n <certificate nickname>

  • Delete a certificate

certutil -d sql:$HOME/.pki/nssdb -D -n <certificate nickname>

  • Retrieve remote certificate and store it in home.pem

echo | openssl s_client -connect server_name:443 \
2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > file_name.pem

  • Note: to trust a self-signed server certificate, we should use

certutil -d sql:$HOME/.pki/nssdb/ -A -t "P,," -n server_name -i file_name.pem

  • due to NSS bug 531160, workaround is:

certutil -d sql:$HOME/.pki/nssdb/ -A -t "C,," -n server_name -i file_name.pem

 

2014-12-01 19:46 Roy Kidder {writeRevision}
Average rating: 0 (0 Votes)

You cannot comment on this entry

Chuck Norris has counted to infinity. Twice.