seanorama/README.md

Last active March 2, 2021 17:22

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/seanorama/b453524b8f24dcb625a901bc4d503a86.js"></script>
Save seanorama/b453524b8f24dcb625a901bc4d503a86 to your computer and use it in GitHub Desktop.

Download ZIP

certutil/nssdb

Raw

README.md

How to work with nssdb and certutil

remove database

rm -r ~/.pki/nssdb

create database directory

mkdir -p ~/.pki/nssdb

list all certificates

certutil -d sql:$HOME/.pki/nssdb -L

list of hosts to get certificates from

hosts="ip-of-squid-proxy1:443 ip-of-squid-proxy2:443"

import each as trusted proxy

for host in ${hosts}; do
  echo "" | openssl s_client -connect ${host} -prexit 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > "${host}.crt"
  certutil -d sql:$HOME/.pki/nssdb -A  -t P,P,P -n "${host}" -i ${host}.crt
  rm ${host}.crt
done

show certificate

certutil -L -d sql:$HOME/.pki/nssdb -n certname

delete

certutil -d sql:$HOME/.pki/nssdb -D -n certificate_nickname

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment