certutil doesn't offer a way to add generic extensions. Only the type of extensions that certutil already knows about can be added. It would be nice if NSS offered a syntax to describe arbitrary extensions, similar to what openssl offers and is described here: http://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS
I agree it would be awesome to support the "DER:<raw bytes>" syntax, at least. It would make it possible to use certutil to generate invalid test cases for certificate handling. Kai, are you going to be working on this?
> Kai, are you going to be working on this? This is a tracking bug for the general purpose solution (which I'm not going to work). Rather, I'm going to implement the workaround that is described in bug 969822 - please let's use bug 969822 for the workaround you are looking for. I believe the work I'll do will help you, even though it will require you loading the binary extension (or the invalid data for testing) from a separate file (instead of the inline syntax you suggested).
You need to log in before you can comment on or make changes to this bug.