certutil and cert8.db in Firefox

Using certutil to print cert8.db

This is a small post to explain how to use certutil and cert8.db. This is especially useful if you run into the error certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

  1. What is the cert8.db?
    1. cert8.db is the certificate store for Firefox. It used to be called cert7.db earlier, but the latest versions of Firefox store the root certificates (and other certificates) in this file
  2. Why does this matter?
    1. This file is similar to the keystore on the Windows machine which stores the SSL certificates for the Windows machine. As Firefox is cross-platform it stores the certificates in its own file (much like Java does with jks)
  3. Why do I care about the cert8.db?
    1. You can query this file to get the list of certificates that are part of Firefox
  4. How do I install this?
    1. On Ubuntu machines, you can do this sudo apt-get install libnss3-tools
    2. On Windows machines, you can download the certutil.exe from here
    3. For Windows, you can also check this SUMO link
  5. So, how do I query the cert8.db?
    1. Copy the cert8.db from your Firefox profile into some directory. Your Firefox profile is in ~/.mozilla/firefox/<randomstring>.<profilename> (and typically %APPDATA%\Mozilla\Firefox\Profiles, though you can change it too). Say you copied the file into ~/code/tmp
    2. Then you open a terminal window and cd to ~/code
    3. Now type certutil -L -d tmp
    4. This will list all the certificates in the cert8.db that is in tmp directory
  6. So, as you noted, you don’t query the cert8.db file itself, rather the directory that the cert8.db file is in
  7. The above command will list all the root certificates within the cert8.db
  8. If you want to print the complete certificate chain of any one certificate, say DigiCert High Assurance EV CA-1
    1. certutil -L -n "DigiCert High Assurance EV CA-1" -d tmp

Hope this is useful for you to check the usage of certutil

Mozilla projects list – V1

List of all Mozilla projects, documented from wiki.mozilla.org

I was checking on Mozilla Wiki to see if there is a directory of all Mozilla projects and the stages that they are in. While the homepage of the Wiki has the most important projects, there were some good projects which were part of the respective projects. While this is good in that there is lesser clutter, this becomes difficult to market certain projects to get contributors – to develop / QA / support / write good documentation for.

So, I thought, why not create this tree. My focus was specifically on the various products and projects that Mozilla was doing, with a product focus. I didn’t focus on the marketing, sales, partnership, legal teams that Mozilla has. This is not to say that they will not be included in the next version. I appreciate feedback on this chart and based on that I will create the V2 with more details.

And coming to the chart itself, there are a couple of notes

  1. I am a newbie web-developer (not a newbie developer though !). So, if the HTML is not right, then please let me know and I shall learn the right way and fix it
  2. The code is a shameless copy of Mike Bostock’s collapsible tree example using D3
    1. If there are any license violations, please let me know and I shall remove the code
  3. I found out about this from James Westgate’s reply on SO
  4. The changes I did are
    1. Created the JSON data for the Mozilla projects. You can get the JSON file here
    2. Figured out (again thanks Mike), that I need to create a iFrame that will include the HTML for the visualization as part of the HTML page
    3. The iFrame has been modified to make the background opaque as the width of the complete visualization was larger than the width for the container of the blog post – that is why you will see the iFrame in 90% opacity
    4. Needless to say, you will need to enable Javascript on the page and have to allow the D3 JS site

Please let me know if I have made any mistakes or if you have suggestions on how this can be made better. A couple of enhancements I am thinking, for the next version

  1. Having a bit more meta-data in the nodes – possibly the wiki link
  2. Include active/inactive projects
  3. Provide weak-links amongst projects so that one can visualize the various links amongst the projects
  4. Learn D3 🙂