X
Tap here to go to the mobile version of the site.

Support Forum

Where can I download certutil.exe for Windows

Posted

Where can I download certutil.exe for Windows 2003. I want to create a cert8.db for a Unicert Publisher and need this tool.

User Agent

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)

Where can I download certutil.exe for Windows 2003. I want to create a cert8.db for a Unicert Publisher and need this tool. == User Agent == Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)

Additional System Details

Application

  • User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)

More Information

TXGuy 87 solutions 861 answers

Not a Firefox question.

Not a Firefox question.
cor-el
  • Top 10 Contributor
  • Moderator
13060 solutions 119607 answers

You probably need to compile that version yourself. http://www.mozilla.org/projects/security/pki/nss/tools/index.html - NSS Security Tools

You probably need to compile that version yourself. http://www.mozilla.org/projects/security/pki/nss/tools/index.html - NSS Security Tools
PRF_1 0 solutions 7 answers

Helpful Reply

I have compiled the NSS tools (3.12.7) using NSPR 4.8.6 & Visual C++ 2008 Express and uploaded them to here http://www.megaupload.com/?d=DSIDS88S. if anyone has any idea how to publish these here please feel free to do so and update the article

EDIT.... You need to have Microsoft Visual C 2008 Runtime installed on any box you wish to run these compiled apps on.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9b2da534-3e03-...


I created these by the following method..

1 Download & Install Microsoft Visual Studio 2008 Express - http://www.microsoft.com/express/down.../#2008-Visual-CPP . Open visual studio and let it configure itself for first use

2 Download & Install Mozilla Build files to C:\mozilla-build (default location) http://ftp.mozilla.org/pub/mozilla.or.../MozillaBuildSetup-Latest.exe

	This was linked from https://developer.mozilla.org/En/Deve.../Windows_Prerequisites

3 Download the NSS tools and the nspr libraries I had issues (I used NSS 3.12.7 & NSPR 4.6.8 ) from https://ftp.mozilla.org/pub/mozilla.o.../nss-3.12.7-with-nspr-4.8.6.tar.gz

4 Unzip NSS & NSPR using winzip, winrar or 7zip this gzip file contains 1 tar file. Unzip this tar file to C:\Temp (you may need to create this folder). You will then end up with a folder path of in C:\Temp\nss-3.12.7\mozilla

5 Run C:\mozilla-build\start-msvc9.bat. after a short wait you will get a prompt that looks like a dos command prompt but is in fact a cygwin (unix shell) with a prompt that says yourusername@yourcomputer'sname ~ Important note - unix & Linux commands & paths are case sensitive so if your folder name is c:\temp and you type c:\Temp the path won't be found. When typing paths just type the first couple of letters and press TAB key this will autocomplete the folder name, Type a / then the first couple of letters to the next folder and TAB etc etc

6 Type export OS_TARGET="WINNT" (this sets environment variables up - these are also case sensitive)

7 Type export BUILD_OPT="1"

8 Type export HOME="/c/Temp" (or another folder with read / write access)

9 Type cd c: the ~ prompt will change to /c

10 Type cd Temp/nss-3.12.7/mozilla/security/nss the prompt will change to /c/Temp/nss-3.12.7/mozilla/security/nss

11 Type env this will list the environment variables available to that cygwin shell - check the newly created 3 are there

12 Type make nss_build_all (this will start the compilation process)

13 The process takes 3-6 mins to complete depending on your pc. When the compilation has completed you'll receive a non-descript message "Leaving directory /c/Temp/nss-3.12.7/mozilla/security/nss/cmd". (there is no success message but you will receive error messages if it fails). Your files will be located in C:\Temp\nss-3.12.7\mozilla\dist\WINNT5.1_OPT.OBJ\bin

I have compiled the NSS tools (3.12.7) using NSPR 4.8.6 & Visual C++ 2008 Express and uploaded them to here [http://www.megaupload.com/?d=DSIDS88S]. if anyone has any idea how to publish these here please feel free to do so and update the article EDIT.... You need to have Microsoft Visual C 2008 Runtime installed on any box you wish to run these compiled apps on. [http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9b2da534-3e03-4391-8a4d-074b9f2bc1bf&displaylang=en] I created these by the following method.. 1 Download & Install Microsoft Visual Studio 2008 Express - [http://www.microsoft.com/express/downloads/#2008-Visual-CPP] . Open visual studio and let it configure itself for first use 2 Download & Install Mozilla Build files to C:\mozilla-build (default location) [http://ftp.mozilla.org/pub/mozilla.org/mozilla/libraries/win32/MozillaBuildSetup-Latest.exe] This was linked from [https://developer.mozilla.org/En/Developer_Guide/Build_Instructions/Windows_Prerequisites] 3 Download the NSS tools and the nspr libraries I had issues (I used NSS 3.12.7 & NSPR 4.6.8 ) from [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_12_7_RTM/src/nss-3.12.7-with-nspr-4.8.6.tar.gz] 4 Unzip NSS & NSPR using winzip, winrar or 7zip this gzip file contains 1 tar file. Unzip this tar file to C:\Temp (you may need to create this folder). You will then end up with a folder path of in C:\Temp\nss-3.12.7\mozilla 5 Run C:\mozilla-build\start-msvc9.bat. after a short wait you will get a prompt that looks like a dos command prompt but is in fact a cygwin (unix shell) with a prompt that says yourusername@yourcomputer'sname ~ '''Important note - unix & Linux commands & paths are case sensitive so if your folder name is c:\temp and you type c:\Temp the path won't be found. When typing paths just type the first couple of letters and press TAB key this will autocomplete the folder name, Type a / then the first couple of letters to the next folder and TAB etc etc''' 6 Type export OS_TARGET="WINNT" (this sets environment variables up - these are also case sensitive) 7 Type export BUILD_OPT="1" 8 Type export HOME="/c/Temp" (or another folder with read / write access) 9 Type cd c: the ~ prompt will change to /c 10 Type cd Temp/nss-3.12.7/mozilla/security/nss the prompt will change to /c/Temp/nss-3.12.7/mozilla/security/nss 11 Type env this will list the environment variables available to that cygwin shell - check the newly created 3 are there 12 Type make nss_build_all (this will start the compilation process) 13 The process takes 3-6 mins to complete depending on your pc. When the compilation has completed you'll receive a non-descript message "Leaving directory /c/Temp/nss-3.12.7/mozilla/security/nss/cmd". (there is no success message but you will receive error messages if it fails). Your files will be located in C:\Temp\nss-3.12.7\mozilla\dist\WINNT5.1_OPT.OBJ\bin

Modified by PRF_1

PRF_1 0 solutions 7 answers

Helpful Reply

Quote

Not a Firefox question.

Actually TXGuy it is! Certutil is used to import certificates into firefox

Quote Not a Firefox question. Actually TXGuy it is! Certutil is used to import certificates into firefox

Modified by PRF_1

magusnet 0 solutions 1 answers

TXGuy, Since these tools are used to manage the cert and key DBs that Firefox uses it is a Firefox question.

--M

TXGuy, Since these tools are used to manage the cert and key DBs that Firefox uses it is a Firefox question. --M

Modified by magusnet

sriddle0032000 0 solutions 1 answers

First of all - Thank you!! - your compiled certutil was a great help for someone who doesn't know how to compile from source the utility myself and I found no other source for this. It worked flawlessly for me. Also, thanks for the update that we need the C++ runtime...

I ended up getting as far as importing my certificate and actually seeing it in cert8.db by doing a read with certutil. But when I open the certificates store in firefox via the browser I cannot see my cert. Do you have any direct experience or knowledge why this may be?

Additional info: I am trying to import a trusted root CA to the trusted store so that my users will not get an error when accessing SSL sites using firefox thru a Websense proxy which does SSL decryption.

I used this command for the cert add: certutil -A -n "WebsenseCA - Websense, Inc" -t "CT,c,c" -i "C:\TEMP\copy_of_1-5-2011_cert.cer" -d "C:\Documents and Settings\sriddle1\Application Data\Mozilla\Firefox\Profiles\oz5352zi.default"

(I found the -t options used above by doing a db read after importing the cert manually)


thanks! Stephen

First of all - Thank you!! - your compiled certutil was a great help for someone who doesn't know how to compile from source the utility myself and I found no other source for this. It worked flawlessly for me. Also, thanks for the update that we need the C++ runtime... I ended up getting as far as importing my certificate and actually seeing it in cert8.db by doing a read with certutil. But when I open the certificates store in firefox via the browser I cannot see my cert. Do you have any direct experience or knowledge why this may be? Additional info: I am trying to import a trusted root CA to the trusted store so that my users will not get an error when accessing SSL sites using firefox thru a Websense proxy which does SSL decryption. I used this command for the cert add: certutil -A -n "WebsenseCA - Websense, Inc" -t "CT,c,c" -i "C:\TEMP\copy_of_1-5-2011_cert.cer" -d "C:\Documents and Settings\sriddle1\Application Data\Mozilla\Firefox\Profiles\oz5352zi.default" (I found the -t options used above by doing a db read after importing the cert manually) thanks! Stephen

Modified by sriddle0032000

PRF_1 0 solutions 7 answers

The command line I use to install the certificates in to the Authorities list of cert manager is....

Put CERTUTIL + your CRT files to import into C:\Temp\CertImport

Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .

DEL /f /q "%Temp%\FFProfile.txt"

)

This script will trawl through the %Appdata%\mozilla\firefox\profiles folder and update the cert8.db file in each sub-folder with any .crt files in certdir. It will name the certificate by the filename (minus extension). Dont forget the full stop at the end of the For %%x command

The command line I use to install the certificates in to the Authorities list of cert manager is.... Put CERTUTIL + your CRT files to import into C:\Temp\CertImport Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport DIR /A:D /B > "%Temp%\FFProfile.txt" FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do ( CD /d "%FFProfDir%\%%i" COPY cert8.db cert8.db.orig /y For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d . DEL /f /q "%Temp%\FFProfile.txt" ) This script will trawl through the %Appdata%\mozilla\firefox\profiles folder and update the cert8.db file in each sub-folder with any .crt files in certdir. It will name the certificate by the filename (minus extension). Dont forget the full stop at the end of the For %%x command
IT2428 0 solutions 5 answers

I am trying to follow the idea post of PRF_1 as shown above but it doesn't show up in the Authorities list. I also noticed that when I run it the cmd prompt shows 'certutil: <null>'

Below you can see the script as I have it now. I copied the crt file to the %Temp% folder along with the certutil.exe...

BEGIN Script

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

FOR /F "tokens=*" %%i in ('dir /B "%APPDATA%\Mozilla\Firefox\Profiles\*.default"') do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%Temp%\*.crt") do "%Temp%\certutil.exe" -A -n "%%~nX" -t "CT,C,C" -d "%%x" -i %1 .

)

END Script

Do you have more ideas?

I am trying to follow the idea post of PRF_1 as shown above but it doesn't show up in the Authorities list. I also noticed that when I run it the cmd prompt shows 'certutil: <null>' Below you can see the script as I have it now. I copied the crt file to the %Temp% folder along with the certutil.exe... ::BEGIN Script Set FFProfdir=%Appdata%\mozilla\firefox\profiles FOR /F "tokens=*" %%i in ('dir /B "%APPDATA%\Mozilla\Firefox\Profiles\*.default"') do ( CD /d "%FFProfDir%\%%i" COPY cert8.db cert8.db.orig /y For %%x in ("%Temp%\*.crt") do "%Temp%\certutil.exe" -A -n "%%~nX" -t "CT,C,C" -d "%%x" -i %1 . ) ::END Script Do you have more ideas?

Modified by IT2428

PRF_1 0 solutions 7 answers

Hi IT2428 - here's a crazy idea use my script, it works.

Hi IT2428 - here's a crazy idea use my script, it works.
IT2428 0 solutions 5 answers

Well... I tried to use it just as it is but maybe I am not understand all the placement of the files. ??

1. I placed the CERTUTIL.EXE & the CRT files into the C:\Temp\CertImport folder on my local computer.

2. I created a BAT file that contains this...

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .

DEL /f /q "%Temp%\FFProfile.txt"

)

3. Then I tried running the BAT from within 'C:\Temp' and 'C:\Temp\CertImport' and finally from the '%Appdata%\mozilla\firefox\profiles' folder. The last one seems to work the best. It copies the CERT8.DB file but it returns CertUtil: <null> for both of my CRT files.

From what location should I be running the BAT file?

Well... I tried to use it just as it is but maybe I am not understand all the placement of the files. ?? '''1.''' I placed the CERTUTIL.EXE & the CRT files into the C:\Temp\CertImport folder on my local computer. '''2.''' I created a BAT file that contains this... Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport DIR /A:D /B > "%Temp%\FFProfile.txt" FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do ( CD /d "%FFProfDir%\%%i" COPY cert8.db cert8.db.orig /y For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d . DEL /f /q "%Temp%\FFProfile.txt" ) '''3.''' Then I tried running the BAT from within 'C:\Temp' and 'C:\Temp\CertImport' and finally from the '%Appdata%\mozilla\firefox\profiles' folder. The last one seems to work the best. It copies the CERT8.DB file but it returns CertUtil: <null> for both of my CRT files. From what location should I be running the BAT file?

Modified by IT2428

IT2428 0 solutions 5 answers

To clarify... I am using the CERTUTIL.EXE that I found in the 'C:\Windows\System32' folder. From a little more research, I think it might not be as simple as that... ???

To clarify... I am using the CERTUTIL.EXE that I found in the 'C:\Windows\System32' folder. From a little more research, I think it might not be as simple as that... ???
PRF_1 0 solutions 7 answers

I doubt the Certutil that ships with windows works with firefox, though I havent tried it as its new to Win 7. Download the NSS tools that is linked at the top ( http://www.megaupload.com/?d=DSIDS88S ) install the microsft visual c 2008 runtime (also linked in my first post) and use my script. I'm sorry I cant make it any easier or provide any more info than I already have.

I doubt the Certutil that ships with windows works with firefox, though I havent tried it as its new to Win 7. Download the NSS tools that is linked at the top ( http://www.megaupload.com/?d=DSIDS88S ) install the microsft visual c 2008 runtime (also linked in my first post) and use my script. I'm sorry I cant make it any easier or provide any more info than I already have.
IT2428 0 solutions 5 answers

Would this need to be done to each machine or does this compile a tool that can be used on other machines (that are not part of the domain) to install certificates?

Would this need to be done to each machine or does this compile a tool that can be used on other machines (that are not part of the domain) to install certificates?

Modified by IT2428

PRF_1 0 solutions 7 answers

Please just read my 1st post you'll find the answer to that question there.

Please just read my 1st post you'll find the answer to that question there.
IT2428 0 solutions 5 answers

This how I finally got it to work...

1. Copied CERTUTIL.EXE from the NSS zip file to "C:\Temp\CertImport" (I also placed the certificates I want to import there)

2. Copied all the dll's from the NSS zip file to "C\:Windows\System32"

3. Created a BAT file in "%Appdata%\mozilla\firefox\profiles" with this script...

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\Cert1.crt") do "%Certdir%\certutil.exe" -A -n "Cert1" -i "%%x" -t "TCu,TCu,TCu" -d .

For %%x in ("%CertDir%\Cert2.crt") do "%Certdir%\certutil.exe" -A -n "Cert2" -i "%%x" -t "TCu,TCu,TCu" -d .

)

DEL /f /q "%Temp%\FFProfile.txt"

4. Executed the BAT file with good results.


Thank you for your help!

This how I finally got it to work... 1. Copied CERTUTIL.EXE from the NSS zip file to "C:\Temp\CertImport" (I also placed the certificates I want to import there) 2. Copied all the dll's from the NSS zip file to "C\:Windows\System32" 3. Created a BAT file in "%Appdata%\mozilla\firefox\profiles" with this script... '''Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport DIR /A:D /B > "%Temp%\FFProfile.txt" FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do ( CD /d "%FFProfDir%\%%i" COPY cert8.db cert8.db.orig /y For %%x in ("%CertDir%\Cert1.crt") do "%Certdir%\certutil.exe" -A -n "Cert1" -i "%%x" -t "TCu,TCu,TCu" -d . For %%x in ("%CertDir%\Cert2.crt") do "%Certdir%\certutil.exe" -A -n "Cert2" -i "%%x" -t "TCu,TCu,TCu" -d . ) DEL /f /q "%Temp%\FFProfile.txt"''' 4. Executed the BAT file with good results. Thank you for your help!
stimbo 0 solutions 1 answers

Hi, is it normal that the tool doesn't show all the certificates available in the DB ? I'm trying certutil2.exe" -L -n "DigiNotar Root CA" -d .

certutil2.exe: Could not find: DigiNotar Root CA

security library: bad database.
Hi, is it normal that the tool doesn't show all the certificates available in the DB ? I'm trying certutil2.exe" -L -n "DigiNotar Root CA" -d . certutil2.exe: Could not find: DigiNotar Root CA : security library: bad database.
PRF_1 0 solutions 7 answers

Have you changed into the directory where your Mozilla certs are stored? If not specify the path after the -d switch.

That's about all I can think it would be. Sorry.

Have you changed into the directory where your Mozilla certs are stored? If not specify the path after the -d switch. That's about all I can think it would be. Sorry.
lfirefox 0 solutions 1 answers

I downloaded NSS 3.12.4 and NSPR 4.8, Visual Studio C++ Express 2010, and pretty much did everything else PRF_1 posted on the build instructions (I wish I had found this posting earlier). I am trying to configure NSS database by using the command certutil -N -d <path_to_db_dir> but get an error saying it can not find nssutil3.dll . When I search for the dll file and run the same command from the local directory the dll resides in, I get an unknown arg error. It can't seem to recognize the -N and -d. Anyone ran into this?

I downloaded NSS 3.12.4 and NSPR 4.8, Visual Studio C++ Express 2010, and pretty much did everything else PRF_1 posted on the build instructions (I wish I had found this posting earlier). I am trying to configure NSS database by using the command certutil -N -d <path_to_db_dir> but get an error saying it can not find nssutil3.dll . When I search for the dll file and run the same command from the local directory the dll resides in, I get an unknown arg error. It can't seem to recognize the -N and -d. Anyone ran into this?
felixrr 0 solutions 1 answers

Wanted to download the package that was at megaupload but now that megaupload.com is dead I can't. Decided to compile the latest version and host it myself here: https://www.felixrr.pro/archives/165/mozilla-nss-utils-with-nspr-compiled-for-download

Wanted to download the package that was at megaupload but now that megaupload.com is dead I can't. Decided to compile the latest version and host it myself here: https://www.felixrr.pro/archives/165/mozilla-nss-utils-with-nspr-compiled-for-download