rkidder.com

• List all certificates

certutil -d sql:$HOME/.pki/nssdb -L

• List details of a certificate

certutil -d sql:$HOME/.pki/nssdb -L -n <certificate nickname>

• Delete a certificate

certutil -d sql:$HOME/.pki/nssdb -D -n <certificate nickname>

• Retrieve remote certificate and store it in home.pem

echo | openssl s_client -connect server_name:443 \\
2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > file_name.pem

• Note: to trust a self-signed server certificate, we should use

certutil -d sql:$HOME/.pki/nssdb/ -A -t "P,," -n server_name -i file_name.pem

• due to NSS bug 531160, workaround is:

certutil -d sql:$HOME/.pki/nssdb/ -A -t "C,," -n server_name -i file_name.pem