Where can I download certutil.exe for Windows
Where can I download certutil.exe for Windows 2003. I want to create a cert8.db for a Unicert Publisher and need this tool.
User Agent
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)
All Replies (19)
Not a Firefox question.
You probably need to compile that version yourself. http://www.mozilla.org/projects/security/pki/nss/tools/index.html - NSS Security Tools
I have compiled the NSS tools (3.12.7) using NSPR 4.8.6 & Visual C++ 2008 Express and uploaded them to here http://www.megaupload.com/?d=DSIDS88S. if anyone has any idea how to publish these here please feel free to do so and update the article
EDIT.... You need to have Microsoft Visual C 2008 Runtime installed on any box you wish to run these compiled apps on.
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9b2da534-3e03-...
I created these by the following method..
1 Download & Install Microsoft Visual Studio 2008 Express - http://www.microsoft.com/express/down.../#2008-Visual-CPP . Open visual studio and let it configure itself for first use
2 Download & Install Mozilla Build files to C:\mozilla-build (default location) http://ftp.mozilla.org/pub/mozilla.or.../MozillaBuildSetup-Latest.exe
This was linked from https://developer.mozilla.org/En/Deve.../Windows_Prerequisites
3 Download the NSS tools and the nspr libraries I had issues (I used NSS 3.12.7 & NSPR 4.6.8 ) from https://ftp.mozilla.org/pub/mozilla.o.../nss-3.12.7-with-nspr-4.8.6.tar.gz
4 Unzip NSS & NSPR using winzip, winrar or 7zip this gzip file contains 1 tar file. Unzip this tar file to C:\Temp (you may need to create this folder). You will then end up with a folder path of in C:\Temp\nss-3.12.7\mozilla
5 Run C:\mozilla-build\start-msvc9.bat. after a short wait you will get a prompt that looks like a dos command prompt but is in fact a cygwin (unix shell) with a prompt that says yourusername@yourcomputer'sname ~ Important note - unix & Linux commands & paths are case sensitive so if your folder name is c:\temp and you type c:\Temp the path won't be found. When typing paths just type the first couple of letters and press TAB key this will autocomplete the folder name, Type a / then the first couple of letters to the next folder and TAB etc etc
6 Type export OS_TARGET="WINNT" (this sets environment variables up - these are also case sensitive)
7 Type export BUILD_OPT="1"
8 Type export HOME="/c/Temp" (or another folder with read / write access)
9 Type cd c: the ~ prompt will change to /c
10 Type cd Temp/nss-3.12.7/mozilla/security/nss the prompt will change to /c/Temp/nss-3.12.7/mozilla/security/nss
11 Type env this will list the environment variables available to that cygwin shell - check the newly created 3 are there
12 Type make nss_build_all (this will start the compilation process)
13 The process takes 3-6 mins to complete depending on your pc. When the compilation has completed you'll receive a non-descript message "Leaving directory /c/Temp/nss-3.12.7/mozilla/security/nss/cmd". (there is no success message but you will receive error messages if it fails). Your files will be located in C:\Temp\nss-3.12.7\mozilla\dist\WINNT5.1_OPT.OBJ\bin
PRF_1 modificouno o
Quote
Not a Firefox question.
Actually TXGuy it is! Certutil is used to import certificates into firefox
PRF_1 modificouno o
TXGuy, Since these tools are used to manage the cert and key DBs that Firefox uses it is a Firefox question.
--M
magusnet modificouno o
First of all - Thank you!! - your compiled certutil was a great help for someone who doesn't know how to compile from source the utility myself and I found no other source for this. It worked flawlessly for me. Also, thanks for the update that we need the C++ runtime...
I ended up getting as far as importing my certificate and actually seeing it in cert8.db by doing a read with certutil. But when I open the certificates store in firefox via the browser I cannot see my cert. Do you have any direct experience or knowledge why this may be?
Additional info: I am trying to import a trusted root CA to the trusted store so that my users will not get an error when accessing SSL sites using firefox thru a Websense proxy which does SSL decryption.
I used this command for the cert add: certutil -A -n "WebsenseCA - Websense, Inc" -t "CT,c,c" -i "C:\TEMP\copy_of_1-5-2011_cert.cer" -d "C:\Documents and Settings\sriddle1\Application Data\Mozilla\Firefox\Profiles\oz5352zi.default"
(I found the -t options used above by doing a db read after importing the cert manually)
thanks!
Stephen
sriddle0032000 modificouno o
The command line I use to install the certificates in to the Authorities list of cert manager is....
Put CERTUTIL + your CRT files to import into C:\Temp\CertImport
Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport
DIR /A:D /B > "%Temp%\FFProfile.txt"
FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .
DEL /f /q "%Temp%\FFProfile.txt"
)
This script will trawl through the %Appdata%\mozilla\firefox\profiles folder and update the cert8.db file in each sub-folder with any .crt files in certdir. It will name the certificate by the filename (minus extension). Dont forget the full stop at the end of the For %%x command
I am trying to follow the idea post of PRF_1 as shown above but it doesn't show up in the Authorities list. I also noticed that when I run it the cmd prompt shows 'certutil: <null>'
Below you can see the script as I have it now. I copied the crt file to the %Temp% folder along with the certutil.exe...
- BEGIN Script
Set FFProfdir=%Appdata%\mozilla\firefox\profiles
FOR /F "tokens=*" %%i in ('dir /B "%APPDATA%\Mozilla\Firefox\Profiles\*.default"') do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%Temp%\*.crt") do "%Temp%\certutil.exe" -A -n "%%~nX" -t "CT,C,C" -d "%%x" -i %1 .
)
- END Script
Do you have more ideas?
IT2428 modificouno o
Hi IT2428 - here's a crazy idea use my script, it works.
Well... I tried to use it just as it is but maybe I am not understand all the placement of the files. ??
1. I placed the CERTUTIL.EXE & the CRT files into the C:\Temp\CertImport folder on my local computer.
2. I created a BAT file that contains this...
Set FFProfdir=%Appdata%\mozilla\firefox\profiles
Set CERTDIR=C:\Temp\CertImport
DIR /A:D /B > "%Temp%\FFProfile.txt"
FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .
DEL /f /q "%Temp%\FFProfile.txt"
)
3. Then I tried running the BAT from within 'C:\Temp' and 'C:\Temp\CertImport' and finally from the '%Appdata%\mozilla\firefox\profiles' folder. The last one seems to work the best. It copies the CERT8.DB file but it returns CertUtil: <null> for both of my CRT files.
From what location should I be running the BAT file?
IT2428 modificouno o
To clarify... I am using the CERTUTIL.EXE that I found in the 'C:\Windows\System32' folder. From a little more research, I think it might not be as simple as that... ???
I doubt the Certutil that ships with windows works with firefox, though I havent tried it as its new to Win 7. Download the NSS tools that is linked at the top ( http://www.megaupload.com/?d=DSIDS88S ) install the microsft visual c 2008 runtime (also linked in my first post) and use my script. I'm sorry I cant make it any easier or provide any more info than I already have.
Would this need to be done to each machine or does this compile a tool that can be used on other machines (that are not part of the domain) to install certificates?
IT2428 modificouno o
Please just read my 1st post you'll find the answer to that question there.
This how I finally got it to work...
1. Copied CERTUTIL.EXE from the NSS zip file to "C:\Temp\CertImport" (I also placed the certificates I want to import there)
2. Copied all the dll's from the NSS zip file to "C\:Windows\System32"
3. Created a BAT file in "%Appdata%\mozilla\firefox\profiles" with this script...
Set FFProfdir=%Appdata%\mozilla\firefox\profiles
Set CERTDIR=C:\Temp\CertImport
DIR /A:D /B > "%Temp%\FFProfile.txt"
FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%CertDir%\Cert1.crt") do "%Certdir%\certutil.exe" -A -n "Cert1" -i "%%x" -t "TCu,TCu,TCu" -d .
For %%x in ("%CertDir%\Cert2.crt") do "%Certdir%\certutil.exe" -A -n "Cert2" -i "%%x" -t "TCu,TCu,TCu" -d .
)
DEL /f /q "%Temp%\FFProfile.txt"
4. Executed the BAT file with good results.
Thank you for your help!
Hi, is it normal that the tool doesn't show all the certificates available in the DB ? I'm trying certutil2.exe" -L -n "DigiNotar Root CA" -d .
certutil2.exe: Could not find: DigiNotar Root CA
- security library: bad database.
Have you changed into the directory where your Mozilla certs are stored? If not specify the path after the -d switch.
That's about all I can think it would be. Sorry.
I downloaded NSS 3.12.4 and NSPR 4.8, Visual Studio C++ Express 2010, and pretty much did everything else PRF_1 posted on the build instructions (I wish I had found this posting earlier). I am trying to configure NSS database by using the command certutil -N -d <path_to_db_dir> but get an error saying it can not find nssutil3.dll . When I search for the dll file and run the same command from the local directory the dll resides in, I get an unknown arg error. It can't seem to recognize the -N and -d. Anyone ran into this?
Wanted to download the package that was at megaupload but now that megaupload.com is dead I can't. Decided to compile the latest version and host it myself here: https://www.felixrr.pro/archives/165/mozilla-nss-utils-with-nspr-compiled-for-download