How can I check if a certificate with a specific serial number already exists in a cert db of a Firefox user profile?

I've so far been using the command below to check it and then parse the output:

certutil.exe -L -d C:\Users\<username>\AppData\Roaming\Mozilla\Firefox\Profiles\<profile>

This is working fine when working with just 1 certificate, but I now need to check multiple certificates where 2 of them unfortunately share the same "Certificate Nickname".

Can I somehow either get the serial number of all installed certificates or query if a certificate with a specified serial number is installed?

I'm using certutil.exe built from nss-3.16.1-with-nspr-4.10.5

Thanks in advance.

Michael G

1 Answer

I don't think certutil lets you do this; however, doing something like this in NSS itself is easy enough.

Here is a Python example using python-nss which just dumps all serial numbers and nicknames from a db.

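#!/usr/bin/env python2
from __future__ import print_function
import sys
from nss import nss

# Usage: pass the NSS database directory (the Firefox profile folder) as argv[1].
if len(sys.argv) != 2:
    sys.exit("usage: {} <cert-db-dir>".format(sys.argv[0]))

# Open the certificate database found in that directory.
nss.nss_init(sys.argv[1])
# Print the serial number and a nickname for every certificate in the db.
for cert in nss.list_certs(nss.PK11CertListAll):
    try:
        print("{} {}".format(cert.serial_number, cert.make_ca_nickname()))
    except Exception as ex:
        # Report certificates that cannot be printed and keep going.
        print(ex, file=sys.stderr)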
nmaier
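
A serial-number lookup over the output of the script in the answer, as an added example that is not part of the original answer. It assumes each dump line has the form "<decimal serial> <nickname>" (python-nss serials taken to be integers); the sample data and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample of the dump script's output: "<decimal serial> <nickname>".
# Two entries deliberately share a nickname, as in the question.
SAMPLE_DUMP = """\
4096 Example Root CA
305419896 Example Issuing CA
11259375 Example Issuing CA
malformed line without serial
"""

def parse_serial(text):
    """Return a serial as int from decimal, 0x-hex or colon-separated hex bytes."""
    s = text.strip().lower()
    if re.fullmatch(r"[0-9a-f]{2}(:[0-9a-f]{2})+", s):
        return int(s.replace(":", ""), 16)   # form shown by certificate viewers
    if s.startswith("0x"):
        return int(s, 16)                    # raises ValueError on bad hex
    if re.fullmatch(r"[0-9]+", s):
        return int(s)                        # bare digits are read as decimal
    raise ValueError("unrecognised serial: %r" % text)

def index_dump(dump_text):
    """Map serial (int) -> list of nicknames, skipping lines without a serial."""
    index = {}
    for line in dump_text.splitlines():
        serial_txt, _, nickname = line.strip().partition(" ")
        try:
            serial = parse_serial(serial_txt)
        except ValueError:
            continue  # blank line or error text, not a certificate entry
        index.setdefault(serial, []).append(nickname)
    return index

def find_serial(dump_text, wanted):
    """Return the nicknames of installed certificates whose serial equals `wanted`."""
    return index_dump(dump_text).get(parse_serial(wanted), [])

if __name__ == "__main__":
    # Reads the dump from stdin; the wanted serial is the first argument.
    hits = find_serial(sys.stdin.read(), sys.argv[1])
    print("\n".join(hits) if hits else "not installed")
    sys.exit(0 if hits else 1)
```

Serial numbers are only unique per issuer, so a match on serial alone should be confirmed against the issuer when certificates from several CAs are installed.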