Importing PKCS#12 (.p12) files into Firefox From the Command Line

Posted by user11165 on Ask Ubuntu See other posts from Ask Ubuntu or by user11165
Published on 2011-02-20T13:26:00Z Indexed on 2011/02/20 15:32 UTC
Read the original article Hit count: 392

Filed under:
|

I’ve posted this question up on #Ubuntu and #Firefox Forums, and really could do with some help.. Anyone know where i could look or help with the answer. I’m hoping the power of social media will come through… I have a need to perform the following action:

Firefox 3.6.x:

Quote:

open Edit -> Preferences -> Advanced -> Encryption -> View Certificates -> Your Certificates -> Import However i need the same functionality from the bash command line.

So far I’ve established that the following command is supposed to be used:

Quote:

certutil -A -t “u,u,u” -d /home/df001/.mozilla/firefox/qe5y5lht.tc.default/ -n “mycert” -i client.p12 This executes with no isses, however, doesn’t show up in any Firefox Certificate store.

However, I have noted that prior to running this command, i have a cert8.db key3.db and secmod.db file in the above folder. After running the command the certutil seems to have created a cert9.db, key4.db and pkcs12.txt file

Listing the contents using the command:

Quote:

certutil -L -d sql:/home/df001/.mozilla/firefox/qe5y5lht.tc.default/ does seem to confirm my attempts of importing files into a certificate folder of some kind have worked. because i get

Quote:

Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI

Thawte SSL CA „ Go Daddy Secure Certification Authority „ Thawte SGC CA „ Entrust Certification Authority - L1C „ My Nero CT,C,c mynero P„ davidfield - Internet Widgits Pty Ltd u,u,u

So, having tried this, and heading back over to the www, i cam across this command:

Quote:

pk12util -d /home/df001/.mozilla/firefox/qe5y5lht.tc.default/ -i client.p12 -n “David Field” -P “cert8.db” this again, appears to be importing something somewhere, however, again, Viewing certs from the Firefox interface doesn’t show the imported Cert.

I’m surmising here on reading that the certutil and pk12util are creating a new NSS database, which firefox isn’t reading.

So my question is, how can i get the p12 cert from the command line so it displays in the firefox Certificate manager interface?

Why have i posted this here? Why not post on the firefox forum? Well i will copy and post the same question there as well, however the ability to use the command line to do this is important, as I have potentially 2000 machines which will need a user cert imported into firefox via a p12 file. I need to do this in the form of a script, i thought the hard part was going to be making the p12 file from the microsoft 2003 CA, turns out thats easy.

I can’t just import via the GUI and copy over cert8.db x 2000, i can’t ask users to use the CA webinterface as its for VPN access, the users are off site, and they need the VPN to get to the cert server..

Is there any person out there who can help?

By the way, i don't have the tor buttun installed.

© Ask Ubuntu or respective owner

Related posts about command-line

Related posts about firefox