Importing and exporting Firefox certificates from the command line

Saturday, January 29, 2011

Firefox is able to manage certificates and keys, for example personal certificates and their corresponding private keys to authenticate to certain sites. The easiest way to import/export these is to use the preferences dialog in Firefox, but there are times when that isn't available or convenient and you want to use the command line. Perhaps Firefox broke, or you're remotely accessing the system and all you have is a terminal.

You will need certutil and pk12util. On Fedora, both of these are in the nss-tools package.

First, determine the path to your Firefox user profile. On Linux systems, it usually looks like ~/.mozilla/firefox/foo.default, where foo is some alphanumeric string. I'll use foo.default for the examples, but remember to replace it with the real path. Now, get a list of certificates:

$ certutil -L -d ~/.mozilla/firefox/foo.default

You should get a pretty big list. Find the name of the one you're interested in and export it:

$ pk12util -d ~/.mozilla/firefox/foo.default \
           -o /path/to/export-file.p12 \
           -n 'Some certificate that I want to export'

Once you're exported it, you can import by using -i instead of -o:

$ pk12util -d ~/.mozilla/firefox/foo.default -i /path/to/export-file.p12

Tags: certificate, cli, firefox | Posted at 18:29 | Comments (0)


There are no comments.

Add a comment

Email: (optional, not displayed to public)
URL: (do not fill this in — leave blank!)