Certificate Keystores

Network Security Services (NSS)#

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. For detailed information on standards supported, see Overview of NSS.

Most people will end up here trying to utilize the cert/6/7/8/.db and/or key3.db files which are part of the NSS framework.

Cert#.db and Key#.db Files#

cert7.db and cert8.db Files#

These files hold public certificates of accepted sources.


This file hold private keys and certificates.

Description of the cert/6/7/8/.db and key3.db files.

NSS Security Tools#

Putting DER encoded Certificate Format Into NSS DB files#

If the application is using cert8.db files, then the certutil for the platform you are on should be able to to import the DER encoded Certificate Format directly in to the certificate store.

cert7.db #

I know of two methods to add a DER encoded Certificate Format into NSS the ceert7.db store.

First, requires using OpenSSL and the certutil (utility from NSS). You would use openSSL to convert the DER encoded Certificate Format into a format like PKCS12 that you can then use the certutil utility to add the certificate to the NSS db files.

Second, do this:

More Information#

There might be more information for this subject on one of the following: