Where can I download certutil.exe for Windows 2003. I want to create a cert8.db for a Unicert Publisher and need this tool.
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)
You probably need to compile that version yourself.
I have compiled the NSS tools (3.12.7) using NSPR 4.8.6 & Visual C++ 2008 Express and uploaded them to here http://www.megaupload.com/?d=DSIDS88S. if anyone has any idea how to publish these here please feel free to do so and update the article
EDIT.... You need to have Microsoft Visual C 2008 Runtime installed on any box you wish to run these compiled apps on.
I created these by the following method..
1 Download & Install Microsoft Visual Studio 2008 Express - http://www.microsoft.com/express/down.../#2008-Vis
2 Download & Install Mozilla Build files to C:\mozilla-build (default location) http://ftp.mozilla.org/pub/mozilla.or.../MozillaBu
This was linked from https://developer.mozilla.org/En/Deve.../Windows_P
3 Download the NSS tools and the nspr libraries I had issues (I used NSS 3.12.7 & NSPR 4.6.8 ) from https://ftp.mozilla.org/pub/mozilla.o.../nss-3.12.
4 Unzip NSS & NSPR using winzip, winrar or 7zip this gzip file contains 1 tar file. Unzip this tar file to C:\Temp (you may need to create this folder). You will then end up with a folder path of in C:\Temp\nss-3.12.7\mozilla
5 Run C:\mozilla-build\start-msvc9.bat. after a short wait you will get a prompt that looks like a dos command prompt but is in fact a cygwin (unix shell) with a prompt that says yourusername@yourcomputer'sname ~ Important note - unix & Linux commands & paths are case sensitive so if your folder name is c:\temp and you type c:\Temp the path won't be found. When typing paths just type the first couple of letters and press TAB key this will autocomplete the folder name, Type a / then the first couple of letters to the next folder and TAB etc etc
6 Type export OS_TARGET="WINNT" (this sets environment variables up - these are also case sensitive)
7 Type export BUILD_OPT="1"
8 Type export HOME="/c/Temp" (or another folder with read / write access)
9 Type cd c: the ~ prompt will change to /c
10 Type cd Temp/nss-3.12.7/mozilla/security/nss the prompt will change to /c/Temp/nss-3.12.7/mozilla/security/nss
11 Type env this will list the environment variables available to that cygwin shell - check the newly created 3 are there
12 Type make nss_build_all (this will start the compilation process)
13 The process takes 3-6 mins to complete depending on your pc. When the compilation has completed you'll receive a non-descript message "Leaving directory /c/Temp/nss-3.12.7/mozilla/security/nss/cmd". (there is no success message but you will receive error messages if it fails). Your files will be located in C:\Temp\nss-3.12.7\mozilla\dist\WINNT5.1_OPT.OBJ\b
First of all - Thank you!! - your compiled certutil was a great help for someone who doesn't know how to compile from source the utility myself and I found no other source for this. It worked flawlessly for me. Also, thanks for the update that we need the C++ runtime...
I ended up getting as far as importing my certificate and actually seeing it in cert8.db by doing a read with certutil. But when I open the certificates store in firefox via the browser I cannot see my cert. Do you have any direct experience or knowledge why this may be?
Additional info: I am trying to import a trusted root CA to the trusted store so that my users will not get an error when accessing SSL sites using firefox thru a Websense proxy which does SSL decryption.
I used this command for the cert add: certutil -A -n "WebsenseCA - Websense, Inc" -t "CT,c,c" -i "C:\TEMP\copy_of_1-5-2011_cert.cer" -d "C:\Documents and Settings\sriddle1\Application Data\Mozilla\Firefox\Profiles\oz5352zi.default"
(I found the -t options used above by doing a db read after importing the cert manually)
The command line I use to install the certificates in to the Authorities list of cert manager is....
Put CERTUTIL + your CRT files to import into C:\Temp\CertImport
Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport
DIR /A /B > "%Temp%\FFProfile.txt"
FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .
DEL /f /q "%Temp%\FFProfile.txt"
This script will trawl through the %Appdata%\mozilla\firefox\profiles folder and update the cert8.db file in each sub-folder with any .crt files in certdir. It will name the certificate by the filename (minus extension). Dont forget the full stop at the end of the For %%x command
I am trying to follow the idea post of PRF_1 as shown above but it doesn't show up in the Authorities list. I also noticed that when I run it the cmd prompt shows 'certutil: <null>'
Below you can see the script as I have it now. I copied the crt file to the %Temp% folder along with the certutil.exe...
FOR /F "tokens=*" %%i in ('dir /B "%APPDATA%\Mozilla\Firefox\Profiles\*.default"') do (
CD /d "%FFProfDir%\%%i"
COPY cert8.db cert8.db.orig /y
For %%x in ("%Temp%\*.crt") do "%Temp%\certutil.exe" -A -n "%%~nX" -t "CT,C,C" -d "%%x" -i %1 .
Do you have more ideas?