Firefox has a test case, in which it uses CERT_FindCertByIssuerAndSN to find a certificate in a database. This works with the old DBM file format. After changing NSS to use the SQL file format, and after converting the cert8.db/key3.db that was used by Firefox to the cert9.db/key4.db file format, the test no longer works. CERT_FindCertByIssuerAndSN returns NULL Input key is const letsEncryptCertDBKey = `AAAAAAAAAAAAAAARAAAAQQCYE /R1E+V1C0PnQx6XHkS9MD8xJDAiBgNVBAoTG0RpZ2l0YWwgU2lnbmF0dXJlIFRyd XN0IENvLjEXMBUGA1UEAxMORFNUIFJvb3QgQ0EgWDM=`; PSM code to convert to the encoding is here: https://hg.mozilla.org/mozilla-central/file/173533a31006/security/manager/ssl/nsNSSCertificateDB.cpp#l128 I'll attach an archive that contains both old and new DB files.
Sigh, the problem was between the chair and the monitor.