Open Bug 1664816 Opened 5 years ago Updated 5 years ago

certutil: Use subject for default nicks (support importing cert bundles with -A)

Categories

(NSS :: Tools, enhancement, P5)

Product:
NSS
Component:
Tools
Version:
3.59
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: minfrin, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15

Steps to reproduce:

Attempt to load a certificate bundle into an NSS using certutil as follows:

certutil -d /etc/dirsrv/slapd-default/ -A -i /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Actual results:

certutil -A: nickname is required for this command (-n).

As certificates are distributed as bundles of concatenated X509 certs, there is no practical way to import such a bundle into NSS.

Expected results:

All certificates imported successfully, using subject as nickname, as per p12util.

certutil can always use more love; thanks for reporting this. We'd happily take a patch to address this via making the subject the default nick when unspecified!

Severity: -- → S3
Status: UNCONFIRMED → NEW
Type: defect → enhancement
Ever confirmed: true
Priority: -- → P5
Summary: certutil: Cannot import a certificate bundle with -A (more than one certificate) → certutil: Use subject for default nicks (support importing cert bundles with -A)
You need to log in before you can comment on or make changes to this bug.