About the CertUtil Utility

Use certutil to set up and work with NSS digital certificates in the Enterprise Edition only. The Certificate Database Tool, certutil, is a command-line utility that can create and modify the Netscape Communicator cert8.db and key3.db database files. It can also list, generate, modify, or delete certificates within the cert8.db file and create or change the password, generate new public and private key pairs, display the contents of the key database, or delete key pairs within the key3.db file.

The key and certificate management process generally begins with creating keys in the key database, then generating and managing certificates in the certificate database. The document listed below discusses certificate and key database management with NSS, including the syntax for the certutil utility:

http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

The command-line utility used to import and export keys and certificates between the certificate/key databases and files in PKCS12 format is pk12util. More description of the pk12util utility can be read at:

http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html

For more information on using certutil, pk12util, and other NSS security tools, see NSS Security Tools at http://www.mozilla.org/projects/security/pki/nss/tools/.

The tools are located in the install_dir/lib/ directory.


Legal Notices