after downloading firefox sign packages from Mozilla web site. i'm using this link to SIGN extensions.
after set path i'm trying to use this command:
certutil -N -d .
to create a test certificate, but i get this error:
C:\Firefoxdevelopment>certutil -N -d .
CertUtil: Unknown arg: -N
CertUtil -? -- Display a verb list (command list
CertUtil -dump -? -- Display help text for the "dump"
CertUtil -v -? -- Display all help text for all ver
after that i'm try to use below code:
signtool -G myTestCert -d . -p"password"
i get this alert error dialog
Your path is executing the microsoft version of certutil
C:\Windows\System32\certutil.exe
you need nss and nspr which includes the correct version of certutil and signtool.
Related
I need to start "certmgr.msc" from "cmd.exe" on "localMachine" repository so that I can import\export certificates.
I have tried the following commands but the "certmgr.msc" keeps opening on "currentUser".
certmgr.msc -s -r localMachine root
mmc.exe certmgr.msc -s -r localMachine root
certmgr.msc -v -s -r localMachine my
This should do it
"C:\WINDOWS\SYSTEM32\MMC.EXE" "C:\WINDOWS\SYSTEM32\CERTLM.MSC"
Create custom console by adding Certificate snapin and targeting it to local computer. Then save this console to .mmc file.
You can refer this saved file in command line. Can also distribute this custom console to other machines.
Below should start MMC console with both nodes CurrentUser & Local Computer
certificates.msc
mmc.exe certlm.msc -s -r localMachine root
It should work - Tested on win2012r2
I need to script the export of a cert from our Windows store into Firefox. I am having trouble getting the cert into the correct "container". The certificate, as generated from a command line as well, is a .pfx file with a password. I can manually import the cert into Firefox under the "Your Certificates" tab of the Certificate Manager. However, when I run the command line, it dumps the cert under the tab labeled "Others" and the website we're trying to access either can't find the cert there or there's a problem with the import itself.
My first couple of attempts failed with errors, but following up on them I found a site that suggested I convert the .pfx file to a .pem file. I followed those instructions and the command line now runs without error. The other thing to note here is using the GUI, I cannot import the .PEM file, but I can import the .PFX file.
Assuming that the .pem file is encoded and formatted correctly, how can I get this line of code to put the cert into the right container?
certutil -A -n "My Certificate" -d c:\temp\CertImport -t "CTu,," -u "c" -a -f pword.txt -i CertEric.pem
(I added the '-f' argument in case its needed to import the password protected file. I've run this both with and without it and got the same results.)
I also exported the cert in a .cer format.
Here are some other attempts and results:
certutil -A -n "My Certificate" -d c:\temp\CertImport -t "CTu,," -u "c" -a -f pword.txt -i CertEric.pfx
certutil: could not obtain certificate from file: security library: improperly formatted DER-encoded message.
certutil -A -n "My Certificate" -d c:\temp\CertImport -t "CTu,," -u "c" -a -f pword.txt -i CertEric.cer
certutil: could not obtain certificate from file: security library: improperly formatted DER-encoded message.
(Although, dropping the '-a' argument allowed this command to complete without error.)
certutil -A -n "My Certificate" -d c:\temp\CertImport -t "CTu,," -u "c" -f pword.txt -i CertEric.pfx
certutil: could not obtain certificate from file: security library: invalid arguments.
(This one uses the .pfx file and drops the '-a' argument)
Any ideas? Thanks for your time.
Eric
I just posted a solution to StackOverflow that you might find helpful.
Our certificates are in .cer format and work fine
Programmatically Install Certificate into Mozilla
I have a powershell script that I want to run on 2 different stand-alone machines. On Windows 8.1 with the SDK installed, I issue the command:
makecert -r -pe -n "CN=My Root Authority" -ss CA -sr CurrentUser ^
-a sha1 -sky signature -cy authority -sv CA.pvk CA.cer
and I get back:
Error: Can't access the key of the subject ('CA.pvk')
Failed
CA.pvk gets created, but not CA.cer
Any ideas?
Thanks in advance, Geoff
Several confusing and unhelpful password prompts should pop up after running this command.
I got the same error message when I entered a different password in the second prompt to the one had I entered in the first.
Entering the same password in both the first and second
pop-up screens got me past this.
I use OpenDS package ( This is a very great LDAP soft) and I've got tiny problem with an option of ldappasswordmodify command
:~# ldappasswordmodify --version
OpenDS Directory Server 2.2.0
Build 20091123144827Z
--
Name Build number Revision number
Extension: snmp-mib2605 2.2.0 6181
~# ldappasswordmodify -h localhost -D "cn=Directory Manager" -w - -a "dn:uid=user,ou=People,dc=acme,dc=org"An error occurred while attempting to connect to the Directory Server: The
simple bind attempt failed
:~# ldappasswordmodify -h localhost -D "cn=Directory Manager" -w xxxxxxx -a "dn:uid=user,ou=People,dc=acme,dc=org"
The LDAP password modify operation was successful
Generated Password: F8F2R1W6V
I did research and I found this on the Oracle Site :
http://docs.oracle.com/cd/E19623-01/820-6171/ldappasswordmodify.html
-w, --bindPassword bindPassword
Use the bind password when authenticating to the directory server. This option can be used for simple authentication as well as password-based SASL mechanisms. This option must not be used in conjunction with --bindPasswordFile. To prompt for the password, type -w -.
What I did wrong?
Thank for your help.
I found this line working :
:~# read -s A ; ldappasswordmodify -h localhost -D "cn=Directory Manager" -w $A -a "dn:uid=user,ou=People,dc=acme,dc=org"
The LDAP password modify operation was successful
Generated Password: F8F2R1W6V
Thanks anyway
I want to create a client certificate and I am running below command in Visual Studio Command prompt.
The below command runs successfully but I don't know the certificate location.
where it get stores ?
makecert -r -pe -n "CN=XYZ Company" -b 01/01/2013 -e 01/01/2014 -sky exchange -ss my
using the parameter -ss my you are explicitly stating that the cert should be saved into your personal certificate storage for your Windows account.
Open certmgr.msc (via execute on start menu) and look into your certificate store.