=== issue: "The certificate/key database is in an old, unsupported format." ===
[chris@спутник tmp]$ certutil -A /home/chris/fluxcoil.net_201404.cert \
-n fluxcoil.net -t "p,p,p"
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
=== Solution: explicitly specify the db-file and format ===
[chris@спутник tmp]$ certutil -d sql:/home/chris/.pki/nssdb [...]
=== How to verify that the cert is in pem format? ===
[chris@спутник tmp]$ openssl x509 -inform pem -noout -text -in /home/chris/fluxcoil.net_201404.cert
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 12693929900255756002 (0xb029e5fd2c743ee2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=DE, ST=Thuringia, L=Muehlhausen, O=Freespeach noorg, OU=noou, CN=fluxcoil.net/emailAddress=chorn@fluxcoil.net
[...]
=== How to verify that you can read the cert-db? ===
[chris@спутник tmp]$ certutil -d sql:/home/chris/.pki/nssdb -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
fluxcoil.net P,,
[chris@спутник tmp]$
=== issue: "SEC_ERROR_BAD_DATABASE: security library: bad database." ===
[chris@спутник tmp]$ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "fluxcoil.net" -i /home/chris/fluxcoil.net_201404.cert
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
[chris@спутник tmp]$ NSS_DEFAULT_DB_TYPE=sql certutil -d ~/.pki/nssdb -K
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
=== Solution: resolve the full path, use no variable: ===
[chris@спутник tmp]$ certutil -d sql:/home/chris/.pki/nssdb -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
certutil: no keys found
[chris@спутник tmp]$ certutil -d sql:/home/chris/.pki/nssdb \
-A -t "P,," -n "fluxcoil.net" -i /home/chris/fluxcoil.net_201404.cert
[chris@спутник tmp]$