Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Where can I download certutil.exe for Windows

  • 19 replies
  • 127 have this problem
  • 3 views
  • Last reply by felixrr

more options

Where can I download certutil.exe for Windows 2003. I want to create a cert8.db for a Unicert Publisher and need this tool.

User Agent

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)

Where can I download certutil.exe for Windows 2003. I want to create a cert8.db for a Unicert Publisher and need this tool. == User Agent == Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; .NET CLR 1.1.4322; MS-RTC LM 8)

All Replies (19)

more options

Not a Firefox question.

more options

You probably need to compile that version yourself. http://www.mozilla.org/projects/security/pki/nss/tools/index.html - NSS Security Tools

more options

I have compiled the NSS tools (3.12.7) using NSPR 4.8.6 & Visual C++ 2008 Express and uploaded them to here http://www.megaupload.com/?d=DSIDS88S. if anyone has any idea how to publish these here please feel free to do so and update the article

EDIT.... You need to have Microsoft Visual C 2008 Runtime installed on any box you wish to run these compiled apps on.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9b2da534-3e03-...


I created these by the following method..

1 Download & Install Microsoft Visual Studio 2008 Express - http://www.microsoft.com/express/down.../#2008-Visual-CPP . Open visual studio and let it configure itself for first use

2 Download & Install Mozilla Build files to C:\mozilla-build (default location) http://ftp.mozilla.org/pub/mozilla.or.../MozillaBuildSetup-Latest.exe

	This was linked from https://developer.mozilla.org/En/Deve.../Windows_Prerequisites

3 Download the NSS tools and the nspr libraries I had issues (I used NSS 3.12.7 & NSPR 4.6.8 ) from https://ftp.mozilla.org/pub/mozilla.o.../nss-3.12.7-with-nspr-4.8.6.tar.gz

4 Unzip NSS & NSPR using winzip, winrar or 7zip this gzip file contains 1 tar file. Unzip this tar file to C:\Temp (you may need to create this folder). You will then end up with a folder path of in C:\Temp\nss-3.12.7\mozilla

5 Run C:\mozilla-build\start-msvc9.bat. after a short wait you will get a prompt that looks like a dos command prompt but is in fact a cygwin (unix shell) with a prompt that says yourusername@yourcomputer'sname ~ Important note - unix & Linux commands & paths are case sensitive so if your folder name is c:\temp and you type c:\Temp the path won't be found. When typing paths just type the first couple of letters and press TAB key this will autocomplete the folder name, Type a / then the first couple of letters to the next folder and TAB etc etc

6 Type export OS_TARGET="WINNT" (this sets environment variables up - these are also case sensitive)

7 Type export BUILD_OPT="1"

8 Type export HOME="/c/Temp" (or another folder with read / write access)

9 Type cd c: the ~ prompt will change to /c

10 Type cd Temp/nss-3.12.7/mozilla/security/nss the prompt will change to /c/Temp/nss-3.12.7/mozilla/security/nss

11 Type env this will list the environment variables available to that cygwin shell - check the newly created 3 are there

12 Type make nss_build_all (this will start the compilation process)

13 The process takes 3-6 mins to complete depending on your pc. When the compilation has completed you'll receive a non-descript message "Leaving directory /c/Temp/nss-3.12.7/mozilla/security/nss/cmd". (there is no success message but you will receive error messages if it fails). Your files will be located in C:\Temp\nss-3.12.7\mozilla\dist\WINNT5.1_OPT.OBJ\bin

Modified by PRF_1

more options

Quote

Not a Firefox question.

Actually TXGuy it is! Certutil is used to import certificates into firefox

Modified by PRF_1

more options

TXGuy, Since these tools are used to manage the cert and key DBs that Firefox uses it is a Firefox question.

--M

Modified by magusnet

more options

First of all - Thank you!! - your compiled certutil was a great help for someone who doesn't know how to compile from source the utility myself and I found no other source for this. It worked flawlessly for me. Also, thanks for the update that we need the C++ runtime...

I ended up getting as far as importing my certificate and actually seeing it in cert8.db by doing a read with certutil. But when I open the certificates store in firefox via the browser I cannot see my cert. Do you have any direct experience or knowledge why this may be?

Additional info: I am trying to import a trusted root CA to the trusted store so that my users will not get an error when accessing SSL sites using firefox thru a Websense proxy which does SSL decryption.

I used this command for the cert add: certutil -A -n "WebsenseCA - Websense, Inc" -t "CT,c,c" -i "C:\TEMP\copy_of_1-5-2011_cert.cer" -d "C:\Documents and Settings\sriddle1\Application Data\Mozilla\Firefox\Profiles\oz5352zi.default"

(I found the -t options used above by doing a db read after importing the cert manually)


thanks! Stephen

Modified by sriddle0032000

more options

The command line I use to install the certificates in to the Authorities list of cert manager is....

Put CERTUTIL + your CRT files to import into C:\Temp\CertImport

Set FFProfdir=%Appdata%\mozilla\firefox\profiles Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .

DEL /f /q "%Temp%\FFProfile.txt"

)

This script will trawl through the %Appdata%\mozilla\firefox\profiles folder and update the cert8.db file in each sub-folder with any .crt files in certdir. It will name the certificate by the filename (minus extension). Dont forget the full stop at the end of the For %%x command

more options

I am trying to follow the idea post of PRF_1 as shown above but it doesn't show up in the Authorities list. I also noticed that when I run it the cmd prompt shows 'certutil: <null>'

Below you can see the script as I have it now. I copied the crt file to the %Temp% folder along with the certutil.exe...

BEGIN Script

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

FOR /F "tokens=*" %%i in ('dir /B "%APPDATA%\Mozilla\Firefox\Profiles\*.default"') do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%Temp%\*.crt") do "%Temp%\certutil.exe" -A -n "%%~nX" -t "CT,C,C" -d "%%x" -i %1 .

)

END Script

Do you have more ideas?

Modified by IT2428

more options

Hi IT2428 - here's a crazy idea use my script, it works.

more options

Well... I tried to use it just as it is but maybe I am not understand all the placement of the files. ??

1. I placed the CERTUTIL.EXE & the CRT files into the C:\Temp\CertImport folder on my local computer.

2. I created a BAT file that contains this...

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\*.crt") do "%Certdir%\certutil.exe" -A -n "%%~nX" -i "%%x" -t "TCu,TCu,TCu" -d .

DEL /f /q "%Temp%\FFProfile.txt"

)

3. Then I tried running the BAT from within 'C:\Temp' and 'C:\Temp\CertImport' and finally from the '%Appdata%\mozilla\firefox\profiles' folder. The last one seems to work the best. It copies the CERT8.DB file but it returns CertUtil: <null> for both of my CRT files.

From what location should I be running the BAT file?

Modified by IT2428

more options

To clarify... I am using the CERTUTIL.EXE that I found in the 'C:\Windows\System32' folder. From a little more research, I think it might not be as simple as that... ???

more options

I doubt the Certutil that ships with windows works with firefox, though I havent tried it as its new to Win 7. Download the NSS tools that is linked at the top ( http://www.megaupload.com/?d=DSIDS88S ) install the microsft visual c 2008 runtime (also linked in my first post) and use my script. I'm sorry I cant make it any easier or provide any more info than I already have.

more options

Would this need to be done to each machine or does this compile a tool that can be used on other machines (that are not part of the domain) to install certificates?

Modified by IT2428

more options

Please just read my 1st post you'll find the answer to that question there.

more options

This how I finally got it to work...

1. Copied CERTUTIL.EXE from the NSS zip file to "C:\Temp\CertImport" (I also placed the certificates I want to import there)

2. Copied all the dll's from the NSS zip file to "C\:Windows\System32"

3. Created a BAT file in "%Appdata%\mozilla\firefox\profiles" with this script...

Set FFProfdir=%Appdata%\mozilla\firefox\profiles

Set CERTDIR=C:\Temp\CertImport

DIR /A:D /B > "%Temp%\FFProfile.txt"

FOR /F "tokens=*" %%i in (%Temp%\FFProfile.txt) do (

CD /d "%FFProfDir%\%%i"

COPY cert8.db cert8.db.orig /y

For %%x in ("%CertDir%\Cert1.crt") do "%Certdir%\certutil.exe" -A -n "Cert1" -i "%%x" -t "TCu,TCu,TCu" -d .

For %%x in ("%CertDir%\Cert2.crt") do "%Certdir%\certutil.exe" -A -n "Cert2" -i "%%x" -t "TCu,TCu,TCu" -d .

)

DEL /f /q "%Temp%\FFProfile.txt"

4. Executed the BAT file with good results.


Thank you for your help!

more options

Hi, is it normal that the tool doesn't show all the certificates available in the DB ? I'm trying certutil2.exe" -L -n "DigiNotar Root CA" -d .

certutil2.exe: Could not find: DigiNotar Root CA

security library: bad database.
more options

Have you changed into the directory where your Mozilla certs are stored? If not specify the path after the -d switch.

That's about all I can think it would be. Sorry.

more options

I downloaded NSS 3.12.4 and NSPR 4.8, Visual Studio C++ Express 2010, and pretty much did everything else PRF_1 posted on the build instructions (I wish I had found this posting earlier). I am trying to configure NSS database by using the command certutil -N -d <path_to_db_dir> but get an error saying it can not find nssutil3.dll . When I search for the dll file and run the same command from the local directory the dll resides in, I get an unknown arg error. It can't seem to recognize the -N and -d. Anyone ran into this?

more options

Wanted to download the package that was at megaupload but now that megaupload.com is dead I can't. Decided to compile the latest version and host it myself here: https://www.felixrr.pro/archives/165/mozilla-nss-utils-with-nspr-compiled-for-download