fluxcoil wiki

Howtos and notes

User Tools

Site Tools

Sidebar

software:certs:certutil_notes

issue: "The certificate/key database is in an old, unsupported format."

[chris@спутник tmp]$ certutil -A /home/chris/fluxcoil.net_201404.cert \
   -n fluxcoil.net -t "p,p,p"
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

Solution: explicitly specify the db-file and format

[chris@спутник tmp]$ certutil -d sql:/home/chris/.pki/nssdb [...]

How to verify that the cert is in pem format?

[chris@спутник tmp]$ openssl x509 -inform pem -noout -text -in /home/chris/fluxcoil.net_201404.cert
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 12693929900255756002 (0xb029e5fd2c743ee2)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=DE, ST=Thuringia, L=Muehlhausen, O=Freespeach noorg, OU=noou, CN=fluxcoil.net/emailAddress=chorn@fluxcoil.net
        [...]

How to verify that you can read the cert-db?

[chris@спутник tmp]$ certutil -d sql:/home/chris/.pki/nssdb -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

fluxcoil.net                                                 P,,  
[chris@спутник tmp]$

issue: "SEC_ERROR_BAD_DATABASE: security library: bad database."

[chris@спутник tmp]$ certutil -d sql:$HOME/.pki/nssdb -A -t "P,," -n "fluxcoil.net" -i /home/chris/fluxcoil.net_201404.cert
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
[chris@спутник tmp]$ NSS_DEFAULT_DB_TYPE=sql certutil -d ~/.pki/nssdb -K
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.

Solution: resolve the full path, use no variable:

[chris@спутник tmp]$ certutil -d sql:/home/chris/.pki/nssdb -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
certutil: no keys found
[chris@спутник tmp]$ certutil -d sql:/home/chris/.pki/nssdb \
  -A -t "P,," -n "fluxcoil.net" -i /home/chris/fluxcoil.net_201404.cert
[chris@спутник tmp]$
software/certs/certutil_notes.txt · Last modified: 2022/11/13 12:06 by 127.0.0.1

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Driven by DokuWiki