X
Tap here to go to the mobile version of the site.
Your Firefox is out of date and may contain a security risk! Upgrade Firefox

Support Forum

Where can I download certutil.exe for Windows

Posted

Where can I download certutil.exe for Windows 2003. I want to create a cert8.db for a Unicert Publisher and need this tool.

User Agent

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)

Additional System Details

Application

  • User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)

More Information

TXGuy 87 solutions 861 answers

Not a Firefox question.

cor-el
  • Top 10 Contributor
  • Moderator
10751 solutions 96759 answers

You probably need to compile that version yourself. http://www.mozilla.org/projects/security/pki/nss/tools/index.html - NSS Security Tools

PRF_1 0 solutions 7 answers

Helpful Reply

I have compiled the NSS tools (3.12.7) using NSPR 4.8.6 & Visual C++ 2008 Express and uploaded them to here http://www.megaupload.com/?d=DSIDS88S. if anyone has any idea how to publish these here please feel free to do so and update the article

EDIT.... You need to have Microsoft Visual C 2008 Runtime installed on any box you wish to run these compiled apps on.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9b2da534-3e03-...


I created these by the following method..

1 Download & Install Microsoft Visual Studio 2008 Express - http://www.microsoft.com/express/down.../#2008-Visual-CPP . Open visual studio and let it configure itself for first use

2 Download & Install Mozilla Build files to C:\mozilla-build (default location) http://ftp.mozilla.org/pub/mozilla.or.../MozillaBuildSetup-Latest.exe

	This was linked from https://developer.mozilla.org/En/Deve.../Windows_Prerequisites

3 Download the NSS tools and the nspr libraries I had issues (I used NSS 3.12.7 & NSPR 4.6.8 ) from https://ftp.mozilla.org/pub/mozilla.o.../nss-3.12.7-with-nspr-4.8.6.tar.gz

4 Unzip NSS & NSPR using winzip, winrar or 7zip this gzip file contains 1 tar file. Unzip this tar file to C:\Temp (you may need to create this folder). You will then end up with a folder path of in C:\Temp\nss-3.12.7\mozilla

5 Run C:\mozilla-build\start-msvc9.bat. after a short wait you will get a prompt that looks like a dos command prompt but is in fact a cygwin (unix shell) with a prompt that says yourusername@yourcomputer'sname ~ Important note - unix & Linux commands & paths are case sensitive so if your folder name is c:\temp and you type c:\Temp the path won't be found. When typing paths just type the first couple of letters and press TAB key this will autocomplete the folder name, Type a / then the first couple of letters to the next folder and TAB etc etc

6 Type export OS_TARGET="WINNT" (this sets environment variables up - these are also case sensitive)

7 Type export BUILD_OPT="1"

8 Type export HOME="/c/Temp" (or another folder with read / write access)

9 Type cd c: the ~ prompt will change to /c

10 Type cd Temp/nss-3.12.7/mozilla/security/nss the prompt will change to /c/Temp/nss-3.12.7/mozilla/security/nss

11 Type env this will list the environment variables available to that cygwin shell - check the newly created 3 are there

12 Type make nss_build_all (this will start the compilation process)

13 The process takes 3-6 mins to complete depending on your pc. When the compilation has completed you'll receive a non-descript message "Leaving directory /c/Temp/nss-3.12.7/mozilla/security/nss/cmd". (there is no success message but you will receive error messages if it fails). Your files will be located in C:\Temp\nss-3.12.7\mozilla\dist\WINNT5.1_OPT.OBJ\bin

Modified by PRF_1

PRF_1 0 solutions 7 answers

Helpful Reply

Quote

Not a Firefox question.

Actually TXGuy it is! Certutil is used to import certificates into firefox

Modified by PRF_1

magusnet 0 solutions 1 answers

TXGuy, Since these tools are used to manage the cert and key DBs that Firefox uses it is a Firefox question.

--M

Modified by magusnet

sriddle0032000 0 solutions 1 answers

First of all - Thank you!! - your compiled certutil was a great help for someone who doesn't know how to compile from source the utility myself and I found no other source for this. It worked flawlessly for me. Also, thanks for the update that we need the C++ runtime...

I ended up getting as far as importing my certificate and actually seeing it in cert8.db by doing a read with certutil. But when I open the certificates store in firefox via the browser I cannot see my cert. Do you have any direct experience or knowledge why this may be?

Additional info: I am trying to import a trusted root CA to the trusted store so that my users will not get an error when accessing SSL sites using firefox thru a Websense proxy which does SSL decryption.

I used this command for the cert add: certutil -A -n "WebsenseCA - Websense, Inc" -t "CT,c,c" -i "C:\TEMP\copy_of_1-5-2011_cert.cer" -d "C:\Documents and Settings\sriddle1\Application Data\Mozilla\Firefox\Profiles\oz5352zi.default"

(I found the -t options used above by doing a db read after importing the cert manually)


thanks! Stephen

Modified by sriddle0032000

PRF_1 0 solutions 7 answers

The command line I use to install the certificates in to the Authorities list of cert manager is....

Put CERTUTIL + your CRT files to import into C:\Temp\CertImport

Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .

DEL /f /q "%Temp%\FFProfile.txt"

)

This script will trawl through the %Appdata%\mozilla\firefox\profiles folder and update the cert8.db file in each sub-folder with any .crt files in certdir. It will name the certificate by the filename (minus extension). Dont forget the full stop at the end of the For %%x command

IT2428 0 solutions 5 answers

I am trying to follow the idea post of PRF_1 as shown above but it doesn't show up in the Authorities list. I also noticed that when I run it the cmd prompt shows 'certutil: <null>'

Below you can see the script as I have it now. I copied the crt file to the %Temp% folder along with the certutil.exe...

BEGIN Script

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

FOR /F "tokens=*" %%i in ('dir /B "%APPDATA%\Mozilla\Firefox\Profiles\*.default"') do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%Temp%\*.crt") do "%Temp%\certutil.exe" -A -n "%%~nX" -t "CT,C,C" -d "%%x" -i %1 .

)

END Script

Do you have more ideas?

Modified by IT2428

PRF_1 0 solutions 7 answers

Hi IT2428 - here's a crazy idea use my script, it works.

IT2428 0 solutions 5 answers

Well... I tried to use it just as it is but maybe I am not understand all the placement of the files. ??

1. I placed the CERTUTIL.EXE & the CRT files into the C:\Temp\CertImport folder on my local computer.

2. I created a BAT file that contains this...

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .

DEL /f /q "%Temp%\FFProfile.txt"

)

3. Then I tried running the BAT from within 'C:\Temp' and 'C:\Temp\CertImport' and finally from the '%Appdata%\mozilla\firefox\profiles' folder. The last one seems to work the best. It copies the CERT8.DB file but it returns CertUtil: <null> for both of my CRT files.

From what location should I be running the BAT file?

Modified by IT2428

IT2428 0 solutions 5 answers

To clarify... I am using the CERTUTIL.EXE that I found in the 'C:\Windows\System32' folder. From a little more research, I think it might not be as simple as that... ???

PRF_1 0 solutions 7 answers

I doubt the Certutil that ships with windows works with firefox, though I havent tried it as its new to Win 7. Download the NSS tools that is linked at the top ( http://www.megaupload.com/?d=DSIDS88S ) install the microsft visual c 2008 runtime (also linked in my first post) and use my script. I'm sorry I cant make it any easier or provide any more info than I already have.

IT2428 0 solutions 5 answers

Would this need to be done to each machine or does this compile a tool that can be used on other machines (that are not part of the domain) to install certificates?

Modified by IT2428

PRF_1 0 solutions 7 answers

Please just read my 1st post you'll find the answer to that question there.

IT2428 0 solutions 5 answers

This how I finally got it to work...

1. Copied CERTUTIL.EXE from the NSS zip file to "C:\Temp\CertImport" (I also placed the certificates I want to import there)

2. Copied all the dll's from the NSS zip file to "C\:Windows\System32"

3. Created a BAT file in "%Appdata%\mozilla\firefox\profiles" with this script...

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\Cert1.crt") do "%Certdir%\certutil.exe" -A -n "Cert1" -i "%%x" -t "TCu,TCu,TCu" -d .

For %%x in ("%CertDir%\Cert2.crt") do "%Certdir%\certutil.exe" -A -n "Cert2" -i "%%x" -t "TCu,TCu,TCu" -d .

)

DEL /f /q "%Temp%\FFProfile.txt"

4. Executed the BAT file with good results.


Thank you for your help!

stimbo 0 solutions 1 answers

Hi, is it normal that the tool doesn't show all the certificates available in the DB ? I'm trying certutil2.exe" -L -n "DigiNotar Root CA" -d .

certutil2.exe: Could not find: DigiNotar Root CA

security library: bad database.
PRF_1 0 solutions 7 answers

Have you changed into the directory where your Mozilla certs are stored? If not specify the path after the -d switch.

That's about all I can think it would be. Sorry.

lfirefox 0 solutions 1 answers

I downloaded NSS 3.12.4 and NSPR 4.8, Visual Studio C++ Express 2010, and pretty much did everything else PRF_1 posted on the build instructions (I wish I had found this posting earlier). I am trying to configure NSS database by using the command certutil -N -d <path_to_db_dir> but get an error saying it can not find nssutil3.dll . When I search for the dll file and run the same command from the local directory the dll resides in, I get an unknown arg error. It can't seem to recognize the -N and -d. Anyone ran into this?

felixrr 0 solutions 1 answers

Wanted to download the package that was at megaupload but now that megaupload.com is dead I can't. Decided to compile the latest version and host it myself here: https://www.felixrr.pro/archives/165/mozilla-nss-utils-with-nspr-compiled-for-download