certutil: function failed: security library: bad database

Question

when I'm using certutil it returns this error: certutil: function failed: security library: bad database.

e.g. I can't list certs or keys

How Can I fix this?

score 38 · Accepted Answer · answered Oct 15 '12 at 20:26

38

If it is new system, your certificate database might not be initialized. To fix this, perform:

mkdir -p $HOME/.pki/nssdb
certutil -d $HOME/.pki/nssdb -N

answered Oct 15 '12 at 20:26

Maciej Małycha

496

score 9 · Answer 2 · answered Jul 30 '13 at 05:52

In case database already has been initialised, but still is corrupted then it has to be rebuild:

$ mv ~/.pki/nssdb ~/.pki/nssdb.corrupted
$ mkdir ~/.pki/nssdb
$ chmod 700 ~/.pki/nssdb
$ certutil -d sql:$HOME/.pki/nssdb -N

Check if working alright

$ certutil -d sql:$HOME/.pki/nssdb -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Import certificate

$ certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n GoAgent -i ~/programs/goagent/local/CA.crt

score 2 · Answer 3 · edited Sep 07 '23 at 19:14

2

Quite an old question, but the mentioned solutions did not work for me, because the error was caused by incorrect shell expansion.

In my case, I had to replace ~ with $HOME, e.g.

certutil -d sql:~/.pki/nssdb -A -t "C,," -n KEY_NAME -i ~/path_to_the_key/key.cert

became

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n KEY_NAME -i $HOME/path_to_the_key/key.cert

edited Sep 07 '23 at 19:14

shelleybutterfly

103

answered Jan 24 '22 at 15:03

zergussino

121

score 2 · Answer 4 · edited Dec 28 '12 at 13:02

If you want to display certifications from a specific folder (for example, the folder which stores the cert8.db file for Firefox), you need to specify the folder with "-d":

nss-certutil -d /Users/myuser/Library/Application\ Support/Firefox/Profiles/jii912uh.default -L

Otherwise, nss-certutil may try to read *.db files from ~/.netscape folder, or maybe $HOME/.pki/nssdb as previous user mentioned.

score 1 · Answer 5 · answered Sep 01 '15 at 06:56

Also check the -d directory path (must point to the directory) have any space or not. With space it gives the same error or bad file format error - old database format etc. Specially in Mac the folder is in "Application Support" which contains space. So have the path fully quoted:

"/Users/myuser/Library/Application Support/Firefox/Profiles/jii912uh.default"

or add the \ escape character.

 /Users/myuser/Library/Application\ Support/Firefox/Profiles/jii912uh.default

And check that the folder have the following files, cert8.db, key3.db and secmob.db.

score 0 · Answer 6 · answered Sep 03 '13 at 13:05

0

In my case I solved problem using this solution (Windows XP, nss 3.15.1):

cd /dir/with/database
C:/full/path/to/certutil.exe -L -d .

answered Sep 03 '13 at 13:05

Teemonek

1

certutil: function failed: security library: bad database

6 Answers6

Linked