certutil: function failed: security library: bad database
Solution 1
If it is new system, your certificate database might not be initialized. To fix this, perform:
mkdir -p $HOME/.pki/nssdb
certutil -d $HOME/.pki/nssdb -N
Solution 2
In case database already has been initialised, but still is corrupted then it has to be rebuild:
$ mv ~/.pki/nssdb ~/.pki/nssdb.corrupted
$ mkdir ~/.pki/nssdb
$ chmod 700 ~/.pki/nssdb
$ certutil -d sql:$HOME/.pki/nssdb -N
Check if working alright
$ certutil -d sql:$HOME/.pki/nssdb -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
Import certificate
$ certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n GoAgent -i ~/programs/goagent/local/CA.crt
Solution 3
If you want to display certifications from a specific folder (for example, the folder which stores the cert8.db
file for Firefox), you need to specify the folder with "-d":
nss-certutil -d /Users/myuser/Library/Application\ Support/Firefox/Profiles/jii912uh.default -L
Otherwise, nss-certutil
may try to read *.db files from ~/.netscape
folder, or maybe $HOME/.pki/nssdb
as previous user mentioned.
Solution 4
Also check the -d
directory path (must point to the directory) have any space or not. With space it gives the same error or bad file format error - old database format etc. Specially in Mac the folder is in "Application Support"
which contains space. So have the path fully quoted:
"/Users/myuser/Library/Application Support/Firefox/Profiles/jii912uh.default"
or add the \ escape character.
/Users/myuser/Library/Application\ Support/Firefox/Profiles/jii912uh.default
And check that the folder have the following files, cert8.db, key3.db and secmob.db.
Related videos on Youtube
Comments
-
Zim3r over 1 year
when I'm using
certutil
it returns this error:certutil: function failed: security library: bad database.
e.g. I can't list certs or keys
How Can I fix this?
-
pid about 10 yearsSince last update of libGNUTLS on Debian my browsers (chrome and iceweasel) failed to open. On console I got
[5284:5310:0306/110217:ERROR:nss_util.cc(750)] After loading Root Certs, loaded==false: NSS error code: -8018
and no way to solve this gracefully. Rebuilding the DB solved it for me! Thank you very much :) -
Gillfish almost 9 yearsI was able to rebuild the DB and list the certificates after that, but my import is still failing with the error:
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
My import command iscertutil -d sql:$HOME/.pki/nssb -A -t "CT,C,C" -n sophos -i ~/Downloads/sophos_cert.crt
This shouldn't have to be run as root, should it? -
Ben Johnson almost 6 yearsIf you don't want a password on the certificate database, add the
--empty-password
switch to the end of thecertutil
command. -
CMCDragonkai over 4 yearsI found that if I ran instead:
certutil -d sql:$HOME/.pki/nssdb -L
it would not result in that error. But if I just runcertutil -L
it would show that error. Does that mean the database is not corrupted, but there's some incompatibilty or does certutil expect the wrong directory?