[Bug 722154] [NEW] Importing PKCS12 (.p12) files into Firefox From the Command Line

fieldyweb 722154 at bugs.launchpad.net
Sun Feb 20 13:59:25 UTC 2011 

*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: firefox

I have a need to perform the following action:

ubuntu 10.04.1
Firefox 3.6.x: 

Quote:

open Edit -> Preferences -> Advanced -> Encryption -> View Certificates -> Your Certificates -> Import
However i need the same functionality from the bash command line.

So far I’ve established that the following command is supposed to be
used:

Quote:

certutil -A -t “u,u,u” -d
/home/df001/.mozilla/firefox/qe5y5lht.tc.default/ -n “mycert” -i
client.p12

This executes with no isses, however, doesn’t show up in any Firefox
Certificate store.

However, I have noted that prior to running this command, i have a
cert8.db key3.db and secmod.db file in the above folder. After running
the command the certutil seems to have created a cert9.db, key4.db and
pkcs12.txt file

Listing the contents using the command:

Quote:

certutil -L -d sql:/home/df001/.mozilla/firefox/qe5y5lht.tc.default/

does seem to confirm my attempts of importing files into a certificate
folder of some kind have worked. because i get

Quote:

Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI

Thawte SSL CA „ 
Go Daddy Secure Certification Authority „ 
Thawte SGC CA „ 
Entrust Certification Authority - L1C „ 
My Nero CT,C,c
mynero P„ 
davidfield - Internet Widgits Pty Ltd u,u,u

So, having tried this, and heading back over to the www, i came across
this command:


Quote:

pk12util -d /home/df001/.mozilla/firefox/qe5y5lht.tc.default/ -i
client.p12 -n “David Field” -P “cert8.db”

this again, appears to be importing something somewhere, however, again,
Viewing certs from the Firefox interface doesn’t show the imported Cert.

I’m surmising here on reading that the certutil and pk12util are
creating a new NSS database, which firefox isn’t reading.

So my question is, how can i get the p12 cert from the command line so
it displays in the firefox Certificate manager interface?


I can’t just import via the GUI and copy over cert8.db x 2000, i can’t ask users to use the CA webinterface as its for VPN access, the users are off site, and they need the VPN to get to the cert server..

** Affects: firefox (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: 10.04 certificate firefox pkcs ubuntu

** Visibility changed to: Public

** Tags added: 10.04 ubuntu
** Tags removed: ubunto

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in ubuntu.
https://bugs.launchpad.net/bugs/722154

Title:
  Importing PKCS12 (.p12) files into Firefox From the Command Line

More information about the Ubuntu-mozillateam-bugs mailing list