@seanorama
Last active March 2, 2021 17:22
certutil/nssdb

How to work with nssdb and certutil

remove database

rm -r ~/.pki/nssdb

create database directory

mkdir -p ~/.pki/nssdb

list all certificates

certutil -d sql:$HOME/.pki/nssdb -L

list of hosts to get certificates from

hosts="ip-of-squid-proxy1:443 ip-of-squid-proxy2:443"

import each as trusted proxy

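for host in ${hosts}; do
  # save the certificate the host presents (it is not verified at this point)
  echo "" | openssl s_client -connect "${host}" -prexit 2>/dev/null | sed -n -e '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p' > "${host}.crt"
  # -t P,P,P marks it as a trusted peer for SSL, S/MIME and object signing
  certutil -d "sql:$HOME/.pki/nssdb" -A -t P,P,P -n "${host}" -i "${host}.crt"
  rm "${host}.crt"
done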
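
The loop above trusts whatever certificate each host presents on the first connection. As an added example (not part of the original gist), this variant imports a certificate only when its SHA-256 fingerprint matches one obtained out of band; the function names and the expected-fingerprint argument are assumptions.

```sh
#!/bin/sh
# Added example: import a proxy certificate only if it matches a pinned fingerprint.
NSSDB="sql:$HOME/.pki/nssdb"

# Keep only the PEM certificate block(s) from `openssl s_client` output on stdin.
extract_pem() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Drop any "label=" prefix, colons and whitespace, then lowercase the hex digits.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'ABCDEF' 'abcdef'
}

# SHA-256 fingerprint of the (first) certificate in a PEM file.
cert_fp() {
  normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# Succeed only when the first value is 64 hex digits and equals the second.
fp_matches() {
  fp_a=$(normalize_fp "$1")
  fp_b=$(normalize_fp "$2")
  case $fp_a in *[!0-9a-f]*) return 1 ;; esac
  [ "${#fp_a}" -eq 64 ] && [ "$fp_a" = "$fp_b" ]
}

# Usage: import_pinned HOST:PORT EXPECTED_SHA256
# EXPECTED_SHA256 is an assumption: a fingerprint obtained out of band.
import_pinned() {
  host=$1
  expected=$2
  rc=1
  crt=$(mktemp) || return 1
  openssl s_client -connect "$host" </dev/null 2>/dev/null | extract_pem > "$crt"
  if [ -s "$crt" ] && fp_matches "$(cert_fp "$crt")" "$expected"; then
    certutil -d "$NSSDB" -A -t P,P,P -n "$host" -i "$crt" && rc=0
  else
    echo "refusing ${host}: no certificate or fingerprint mismatch" >&2
  fi
  rm -f "$crt"
  return "$rc"
}
```

The expected value can be read on the proxy itself with `openssl x509 -noout -fingerprint -sha256 -in <certificate file>`; `import_pinned` accepts it with or without colons and in either case.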

show certificate

certutil -L -d sql:$HOME/.pki/nssdb -n certname

delete a certificate by nickname

certutil -d sql:$HOME/.pki/nssdb -D -n certificate_nickname