Where can I download certutil.exe for Windows
Where can I download certutil.exe for Windows 2003. I want to create a cert8.db for a Unicert Publisher and need this tool.
User Agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)
Wšykne wótegrona (19)
Not a Firefox question.
You probably need to compile that version yourself. http://www.mozilla.org/projects/security/pki/nss/tools/index.html - NSS Security Tools
I have compiled the NSS tools (3.12.7) using NSPR 4.8.6 & Visual C++ 2008 Express and uploaded them to here http://www.megaupload.com/?d=DSIDS88S. if anyone has any idea how to publish these here please feel free to do so and update the article
EDIT.... You need to have Microsoft Visual C 2008 Runtime installed on any box you wish to run these compiled apps on.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9b2da534-3e03-...
I created these by the following method..
1 Download & Install Microsoft Visual Studio 2008 Express - http://www.microsoft.com/express/down.../#2008-Visual-CPP . Open visual studio and let it configure itself for first use
2 Download & Install Mozilla Build files to C:\mozilla-build (default location) http://ftp.mozilla.org/pub/mozilla.or.../MozillaBuildSetup-Latest.exe
This was linked from https://developer.mozilla.org/En/Deve.../Windows_Prerequisites
3 Download the NSS tools and the nspr libraries I had issues (I used NSS 3.12.7 & NSPR 4.6.8 ) from https://ftp.mozilla.org/pub/mozilla.o.../nss-3.12.7-with-nspr-4.8.6.tar.gz
4 Unzip NSS & NSPR using winzip, winrar or 7zip this gzip file contains 1 tar file. Unzip this tar file to C:\Temp (you may need to create this folder). You will then end up with a folder path of in C:\Temp\nss-3.12.7\mozilla
5 Run C:\mozilla-build\start-msvc9.bat. after a short wait you will get a prompt that looks like a dos command prompt but is in fact a cygwin (unix shell) with a prompt that says yourusername@yourcomputer'sname ~ Important note - unix & Linux commands & paths are case sensitive so if your folder name is c:\temp and you type c:\Temp the path won't be found. When typing paths just type the first couple of letters and press TAB key this will autocomplete the folder name, Type a / then the first couple of letters to the next folder and TAB etc etc
6 Type export OS_TARGET="WINNT" (this sets environment variables up - these are also case sensitive)
7 Type export BUILD_OPT="1"
8 Type export HOME="/c/Temp" (or another folder with read / write access)
9 Type cd c: the ~ prompt will change to /c
10 Type cd Temp/nss-3.12.7/mozilla/security/nss the prompt will change to /c/Temp/nss-3.12.7/mozilla/security/nss
11 Type env this will list the environment variables available to that cygwin shell - check the newly created 3 are there
12 Type make nss_build_all (this will start the compilation process)
13 The process takes 3-6 mins to complete depending on your pc. When the compilation has completed you'll receive a non-descript message "Leaving directory /c/Temp/nss-3.12.7/mozilla/security/nss/cmd". (there is no success message but you will receive error messages if it fails). Your files will be located in C:\Temp\nss-3.12.7\mozilla\dist\WINNT5.1_OPT.OBJ\bin
Wót PRF_1
Quote
Not a Firefox question.
Actually TXGuy it is! Certutil is used to import certificates into firefox
Wót PRF_1
TXGuy, Since these tools are used to manage the cert and key DBs that Firefox uses it is a Firefox question.
--M
Wót magusnet
First of all - Thank you!! - your compiled certutil was a great help for someone who doesn't know how to compile from source the utility myself and I found no other source for this. It worked flawlessly for me. Also, thanks for the update that we need the C++ runtime...
I ended up getting as far as importing my certificate and actually seeing it in cert8.db by doing a read with certutil. But when I open the certificates store in firefox via the browser I cannot see my cert. Do you have any direct experience or knowledge why this may be?
Additional info: I am trying to import a trusted root CA to the trusted store so that my users will not get an error when accessing SSL sites using firefox thru a Websense proxy which does SSL decryption.
I used this command for the cert add: certutil -A -n "WebsenseCA - Websense, Inc" -t "CT,c,c" -i "C:\TEMP\copy_of_1-5-2011_cert.cer" -d "C:\Documents and Settings\sriddle1\Application Data\Mozilla\Firefox\Profiles\oz5352zi.default"
(I found the -t options used above by doing a db read after importing the cert manually)
thanks!
Stephen
Wót sriddle0032000
The command line I use to install the certificates in to the Authorities list of cert manager is....
Put CERTUTIL + your CRT files to import into C:\Temp\CertImport
Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport
DIR /A:D /B > "%Temp%\FFProfile.txt"
FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .
DEL /f /q "%Temp%\FFProfile.txt"
)
This script will trawl through the %Appdata%\mozilla\firefox\profiles folder and update the cert8.db file in each sub-folder with any .crt files in certdir. It will name the certificate by the filename (minus extension). Dont forget the full stop at the end of the For %%x command
I am trying to follow the idea post of PRF_1 as shown above but it doesn't show up in the Authorities list. I also noticed that when I run it the cmd prompt shows 'certutil: <null>'
Below you can see the script as I have it now. I copied the crt file to the %Temp% folder along with the certutil.exe...
- BEGIN Script
Set FFProfdir=%Appdata%\mozilla\firefox\profiles
FOR /F "tokens=*" %%i in ('dir /B "%APPDATA%\Mozilla\Firefox\Profiles\*.default"') do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%Temp%\*.crt") do "%Temp%\certutil.exe" -A -n "%%~nX" -t "CT,C,C" -d "%%x" -i %1 .
)
- END Script
Do you have more ideas?
Wót IT2428
Hi IT2428 - here's a crazy idea use my script, it works.
Well... I tried to use it just as it is but maybe I am not understand all the placement of the files. ??
1. I placed the CERTUTIL.EXE & the CRT files into the C:\Temp\CertImport folder on my local computer.
2. I created a BAT file that contains this...
Set FFProfdir=%Appdata%\mozilla\firefox\profiles
Set CERTDIR=C:\Temp\CertImport
DIR /A:D /B > "%Temp%\FFProfile.txt"
FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .
DEL /f /q "%Temp%\FFProfile.txt"
)
3. Then I tried running the BAT from within 'C:\Temp' and 'C:\Temp\CertImport' and finally from the '%Appdata%\mozilla\firefox\profiles' folder. The last one seems to work the best. It copies the CERT8.DB file but it returns CertUtil: <null> for both of my CRT files.
From what location should I be running the BAT file?
Wót IT2428
To clarify... I am using the CERTUTIL.EXE that I found in the 'C:\Windows\System32' folder. From a little more research, I think it might not be as simple as that... ???
I doubt the Certutil that ships with windows works with firefox, though I havent tried it as its new to Win 7. Download the NSS tools that is linked at the top ( http://www.megaupload.com/?d=DSIDS88S ) install the microsft visual c 2008 runtime (also linked in my first post) and use my script. I'm sorry I cant make it any easier or provide any more info than I already have.
Would this need to be done to each machine or does this compile a tool that can be used on other machines (that are not part of the domain) to install certificates?
Wót IT2428
Please just read my 1st post you'll find the answer to that question there.
This how I finally got it to work...
1. Copied CERTUTIL.EXE from the NSS zip file to "C:\Temp\CertImport" (I also placed the certificates I want to import there)
2. Copied all the dll's from the NSS zip file to "C\:Windows\System32"
3. Created a BAT file in "%Appdata%\mozilla\firefox\profiles" with this script...
Set FFProfdir=%Appdata%\mozilla\firefox\profiles
Set CERTDIR=C:\Temp\CertImport
DIR /A:D /B > "%Temp%\FFProfile.txt"
FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%CertDir%\Cert1.crt") do "%Certdir%\certutil.exe" -A -n "Cert1" -i "%%x" -t "TCu,TCu,TCu" -d .
For %%x in ("%CertDir%\Cert2.crt") do "%Certdir%\certutil.exe" -A -n "Cert2" -i "%%x" -t "TCu,TCu,TCu" -d .
)
DEL /f /q "%Temp%\FFProfile.txt"
4. Executed the BAT file with good results.
Thank you for your help!
Hi, is it normal that the tool doesn't show all the certificates available in the DB ? I'm trying certutil2.exe" -L -n "DigiNotar Root CA" -d .
certutil2.exe: Could not find: DigiNotar Root CA
- security library: bad database.
Have you changed into the directory where your Mozilla certs are stored? If not specify the path after the -d switch.
That's about all I can think it would be. Sorry.
I downloaded NSS 3.12.4 and NSPR 4.8, Visual Studio C++ Express 2010, and pretty much did everything else PRF_1 posted on the build instructions (I wish I had found this posting earlier). I am trying to configure NSS database by using the command certutil -N -d <path_to_db_dir> but get an error saying it can not find nssutil3.dll . When I search for the dll file and run the same command from the local directory the dll resides in, I get an unknown arg error. It can't seem to recognize the -N and -d. Anyone ran into this?
Wanted to download the package that was at megaupload but now that megaupload.com is dead I can't. Decided to compile the latest version and host it myself here: https://www.felixrr.pro/archives/165/mozilla-nss-utils-with-nspr-compiled-for-download