cert9.db has only few certificates
AFAIK, Firefox does not use a system wide certificate store (Or does it on Ubuntu?), but maintains its own one in a file cert9.db within every Firefox profile directory. The file can be inspected using the certutil tool from the libnss3-tools package, but that command shows fewer certificates than one can see in the Firefox GUI.
Here's what I do:
1. Start Firefox by calling
$ firefox -profilemanager
create a new profile within the GUI and start Firefox using the newly created profile.
2. Within Firefox go to
Preferences
=> Privacy & Security
=> Certificates
=> View Certificates
=> Authorities
to see a full list of certificate names.
3. Close Firefox.
4. Look at the new profile's certificate store on the shell:
$ certutil -L -d sql:$HOME/
Certificate Nickname Trust Attributes
DigiCert SHA2 Secure Server CA ,,
Only one certificate is shown. After browsing some sites, the list of shown certificates becomes longer.
Why is that? And how can one retrieve a full list of CA and/or server certificates trusted by Firefox on the shell?
TIA!
Thees
system:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 18.04.3 LTS
Release: 18.04
Codename: bionic
$ apt-cache policy firefox
firefox:
Installed: 70.0.1+
$ apt-cache policy libnss3-tools
libnss3-tools:
Installed: 2:3.35-2ubuntu2.3
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu firefox Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Thees Flatow for more information if necessary.