
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format


I had downloaded a verified (not self-signed) S/MIME certificate with Iceweasel (Firefox), which was stored in cert8.db.

Then I used:

certutil -L -d <path_to_folder_that_cert8.db_resides>

in order to list the certificates, and then I extracted the .p12 file using the name of my certificate that certutil gave me:

pk12util -o mycertfile.p12 -n "<name_found_from_certutil>" -d <path_to_folder_that_cert8.db_resides>

The problem is that I lost access to the PC where the p12 was stored, and now I have only a copy of cert8.db on another PC. Thus I repeated the certutil && pk12util commands, but certutil fails with:

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.

I have desperately tried on 3 different computers, including one with an identical kernel and libnss3-tools version (like the initial desktop where I extracted the p12 successfully), which is:

$ uname -a 
Linux commander 3.16.0-4-amd64 #1 SMP Debian 3.16.7-2 (2014-11-06) x86_64 GNU/Linux 

libnss3-tools version: 2:3.17.2-1

Any thoughts?

Thanks


Solution

  • The error message is quite cryptic. I got a similar error while using certutil -L to get the list of certificates in a cert8.db file.

    Now I have found why the command did not work.

    -L cannot work with only a cert8.db in a folder. It also depends on two other files, key3.db and secmod.db, so -L works only in a folder where all three of these files are present. That is why the -d parameter takes a folder path, not the cert8.db file.

    I tried certutil by copying cert8.db from the Firefox profile folder to a temp directory.

    I noticed it when certutil -A succeeded but -L failed, and the successful -A command created two other files in that temp folder.

    Also check whether the directory path contains any spaces. With a space, it gives the same error, or 'bad file format error - old database format', etc. Especially on Mac OS, the profile folder is under the "Application Support" folder, which contains a space in its name. So the path needs to be fully quoted:

    "/Users/myuser/Library/Application Support/Firefox/Profiles/jii912uh.default"
    

    or add the \ escape character.

     /Users/myuser/Library/Application\ Support/Firefox/Profiles/jii912uh.default
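
A preflight for the two failure causes named in the answer above (missing companion files, unquoted spaces in the path), as an added example that is not part of the original post. The function names `nss_missing_files` and `nss_stage_copy` are hypothetical, and staging a private copy before running certutil is an added precaution, since key3.db is the key database and the answer observed certutil creating files in the directory it was pointed at.

```shell
#!/bin/sh
# Added example (not from the original post): check a legacy NSS database
# directory before pointing certutil/pk12util at it.

# The three files the answer says certutil -L needs side by side.
NSS_LEGACY_FILES="cert8.db key3.db secmod.db"

# Print the required files that are missing from directory $1.
# Returns 0 if all are present, 1 if any is missing, 2 if $1 is not a directory.
nss_missing_files() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    missing=""
    for f in $NSS_LEGACY_FILES; do
        # Every expansion is quoted, so "Application Support" is safe.
        [ -f "$dir/$f" ] || missing="$missing $f"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Copy the three files into a fresh scratch directory (mktemp -d creates it
# readable by the owner only) and print its path, so certutil never writes
# into the live profile. Fails without copying if a file is missing.
nss_stage_copy() {
    src=$1
    nss_missing_files "$src" >&2 || return 1
    work=$(mktemp -d) || return 1
    for f in $NSS_LEGACY_FILES; do
        cp -p "$src/$f" "$work/$f" || return 1
    done
    echo "$work"
}

# Typical use (path is a placeholder):
#   work=$(nss_stage_copy "/path/to/Application Support/profile") \
#       && certutil -L -d "$work"
```
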