Hi all,
We are looking at delivering Firefox 3.5.2 in a corporate environment. I've got most of the settings cracked (very useful post here - http://itninja.com/question/gnu,-freeware-and-shareware-programs-to-cloning8212&mpage=1&key=firefox and I work with Rob)
But we need to install a trusted root certificate (called "Authorities" in FF) and at the moment it looks like it's going to be a manual import process for end users. There doesn't seem to be a way (command line utility or whatever) to register the .CER file automatically.
For Internet Explorer this can be managed using group policy and we need an automated solution for Firefox.
This article is interesting but I'm not a developer so wouldn't know where to start
http://www.mozilla.org/projects/security/pki/nss/tools/index.html
Cheers
Rich
Firefox 3.5.x Automating certificate Install
Answers
Hi all
Tested the batch file - working. But what's next? Should I put the c:\temp\certimport files as a network share and change the settings in the batch file (in order for it to work on multiple users)?
-
Hi All,
I'm a newbie here. Can you help me by providing step-by-step instructions for this process? This is badly needed. :(
-
Hi Matt5150. Were you able to find a solution for the certificate import? I am trying to do the same for my job. Any info would help. Thanks.
FYI, I made a vb-script for importing the certificates. Have not tested thoroughly, seems to work. Feedback or improvements are more than welcome.
' Syntax      : cert_import.vbs path <certutil>
' Argument(s) : path     - Path to a directory where certificates are located.
'               certutil - Full path to certutil.exe. If not supplied we assume
'                          certutil.exe to reside in the certificate directory.
' Output      : Import certificates (*.crt) from the certificate directory into
'               the certificate store of Firefox.
'
' Note(s)     : The CERTUTIL.EXE used by this script comes from NSS Security Tools.
'               You have to compile the source code to Windows binary to be able to use it on Windows.
'               See: http://www.mozilla.org/projects/security/pki/nss/tools/
'
' Revisions   : 0.1 - initial version
'
Option Explicit
On Error Resume Next
Const DEBUGGING          = True
Const SCRIPT_VERSION     = 0.1
Const EVENTLOG_WARNING   = 2
Const CERTUTIL_EXCUTABLE = "certutil.exe"
Dim strCertDirPath, strCertutil, files, slashPosition, dotPosition, strCmd, message
Dim file, filename, filePath, fileExtension
Dim WshShell      : Set WshShell      = WScript.CreateObject("WScript.Shell")
Dim objFilesystem : Set objFilesystem = CreateObject("Scripting.FileSystemObject")
Dim certificates  : Set certificates  = CreateObject("Scripting.Dictionary")
Dim objCertDir
' One argument : certutil.exe is expected inside the certificate directory.
' Two arguments: the second one is the path to certutil.exe itself.
If WScript.Arguments.Count = 1 Then
   strCertDirPath = WScript.Arguments(0)
   strCertutil    = strCertDirPath & "\" & CERTUTIL_EXCUTABLE
ElseIf WScript.Arguments.Count = 2 Then
   strCertDirPath = WScript.Arguments(0)
   strCertutil    = WScript.Arguments(1)
Else
   WScript.Echo "Invalid syntax. Correct syntax: " & WScript.ScriptFullName & " PATH_CERTIFICATE_DIRECTORY <PATH_NSS_CERTUTIL>"
   WScript.Quit 1   ' stop here instead of continuing with empty paths
End If
If objFilesystem.FolderExists(strCertDirPath) And objFilesystem.FileExists(strCertutil) Then
   Set objCertDir = objFilesystem.GetFolder(strCertDirPath)
   Set files = objCertDir.Files
   For Each file In files
      ' Split the full path into base name (used as certificate nickname) and extension
      slashPosition = InStrRev(file, "\")
      dotPosition   = InStrRev(file, ".")
      fileExtension = Mid(file, dotPosition + 1)
      filename      = Mid(file, slashPosition + 1, dotPosition - slashPosition - 1)
      If LCase(fileExtension) = "crt" Then
         ' -A add, -n nickname, -i input file, -t trust flags (SSL, S/MIME, code signing),
         ' -d certificate database directory. The posted command ended in a bare "-d";
         ' "." is an assumption: run the script from inside the Firefox profile folder
         ' (where cert8.db resides), as the batch file in this thread does.
         strCmd = Chr(34) & strCertutil & Chr(34) & " -A -n " & Chr(34) & filename & Chr(34) & " -i " & Chr(34) & file & Chr(34) & " -t " & Chr(34) & "TCu,TCu,TCu" & Chr(34) & " -d ."
         output strCmd
         ' Run hidden and wait, so that imports do not write to cert8.db concurrently
         WshShell.Run strCmd, 0, True
      End If
   Next
Else
   message = "Either directory: " & strCertDirPath & ", does not exist or certutil.exe was not found here: " & strCertutil & "."
   WshShell.LogEvent EVENTLOG_WARNING, "Script: " & WScript.ScriptFullName & " - version:" & SCRIPT_VERSION & vbCrLf & vbCrLf & message
End If
' Echo the message only when DEBUGGING is switched on
Function output(message)
   If DEBUGGING Then
      WScript.Echo message
   End If
End Function
Set WshShell      = Nothing
Set objFilesystem = Nothing
Set FFProfdir=%Appdata%\mozilla\firefox\profiles
Set CERTDIR=C:\Temp\CertImport
DIR /A:D /B > "%Temp%\FFProfile.txt"
DIR "%FFProfDir%" /A:D /B > "%Temp%\FFProfile.txt"
Hi Nick,
This is how I finally got it to work...
1. Copied CERTUTIL.EXE from the NSS zip file to "C:\Temp\CertImport" (I also placed the certificates I want to import there)
2. Copied all the DLLs from the NSS zip file to "C:\Windows\System32"
3. Created a BAT file in "%Appdata%\mozilla\firefox\profiles" with this script...
REM Firefox profile root and the folder holding certutil.exe and the certificates
Set FFProfdir=%Appdata%\mozilla\firefox\profiles
Set CERTDIR=C:\Temp\CertImport
REM List the profile folders, one per line
DIR "%FFProfDir%" /A:D /B > "%Temp%\FFProfile.txt"
FOR /F "usebackq tokens=*" %%i in ("%Temp%\FFProfile.txt") do (
    CD /d "%FFProfDir%\%%i"
    REM Keep a backup of this profile's certificate database
    COPY cert8.db cert8.db.orig /y
    REM -A add, -n nickname, -i input file, -t trust flags, -d database directory (the current profile)
    For %%x in ("%CertDir%\Cert1.crt") do "%Certdir%\certutil.exe" -A -n "Cert1" -i "%%x" -t "TCu,TCu,TCu" -d .
    For %%x in ("%CertDir%\Cert2.crt") do "%Certdir%\certutil.exe" -A -n "Cert2" -i "%%x" -t "TCu,TCu,TCu" -d .
)
DEL /f /q "%Temp%\FFProfile.txt"
4. Executed the BAT file with good results.
Your help got me on the right track! Thank you!
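A hardened PowerShell variant of the batch import above, added here as an example and not part of the original thread: it checks each certificate file against an expected thumbprint before trusting it, skips nicknames already present in a profile, and limits trust to SSL/TLS ('C,,') instead of the thread's "TCu,TCu,TCu". The thumbprint placeholders and the assumption that the NSS DLLs sit beside certutil.exe are not from the thread.

```powershell
# Added example; paths and nicknames follow the thread, the rest are assumptions.
$CertDir     = 'C:\Temp\CertImport'
$CertUtil    = Join-Path $CertDir 'certutil.exe'   # NSS certutil, DLLs assumed beside it
$ProfileRoot = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'

# Expected SHA-1 thumbprints are placeholders: fill them in from a trusted
# source, not from the share that holds the .crt files.
$Wanted = @(
    @{ Nick = 'Cert1'; File = 'Cert1.crt'; Thumbprint = '<EXPECTED-THUMBPRINT-1>' },
    @{ Nick = 'Cert2'; File = 'Cert2.crt'; Thumbprint = '<EXPECTED-THUMBPRINT-2>' }
)

$profiles = Get-ChildItem -Path $ProfileRoot | Where-Object { $_.PSIsContainer }
foreach ($ffProfile in $profiles) {
    $dbDir = $ffProfile.FullName
    $db    = Join-Path $dbDir 'cert8.db'
    if (-not (Test-Path $db)) { continue }       # no certificate store here
    Copy-Item $db "$db.orig" -Force              # backup, as in the batch file

    foreach ($c in $Wanted) {
        $path = Join-Path $CertDir $c.File
        try {
            $x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
        } catch {
            Write-Warning "$($c.File): cannot be parsed as a certificate, skipped"
            continue
        }
        # Refuse to trust a file that is not the certificate we expect.
        if ($x509.Thumbprint -ne $c.Thumbprint) {
            Write-Warning "$($c.File): thumbprint mismatch, skipped"
            continue
        }
        # Nickname already in this profile's database: leave it alone.
        & $CertUtil -L -n $c.Nick -d $dbDir 2>&1 | Out-Null
        if ($LASTEXITCODE -eq 0) { continue }

        # 'C,,' = trusted CA for SSL/TLS only, no S/MIME or code-signing trust.
        & $CertUtil -A -n $c.Nick -i $path -t 'C,,' -d $dbDir
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "import of $($c.Nick) failed in $($ffProfile.Name)"
        }
    }
    & $CertUtil -L -d $dbDir                     # log nicknames and trust flags
}
```

With the placeholders left in place every file is skipped, so nothing is trusted until real thumbprints are supplied.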
Hi IT,
You are missing a fundamental thing here: the Mozilla products, like Firefox, use their own certificate store and their own version of Certutil.exe!
So, use the certutil.exe from the NSS-tools 3.12.7, which you can download from the link you mentioned in post #11.
Regards, Nick
Here is a link to show what I have found so far.... https://support.mozilla.com/ga-IE/questions/687296#answer-145542
Thanks for your input...
Yes, I'm serious.
I figured out (through research online) how to add certificates to the Trusted Root Certification Authorities in VB.NET 2005 but I am having a tougher time figuring out how to add something like that programmatically to Firefox's certificate authority. If you have good ideas on how to do that, let me know.
Could you give an example of how you used certutil at the cmd prompt? I have never used that command.
Hi everyone, you can use certutil.exe to import the certificates to Firefox profiles through the command prompt. Just a week back I did it and it worked out. Try this. Use certutil.exe for adding third-party certificates. It just adds the certificates to cert8.db and does not overwrite it. And you can even remove a particular certificate using certutil.exe.
My work has the same thing, but some users already have their own certificates added to Firefox. If we just replace all the cert8.db files, they will lose those, right? I have searched and so far all I can find is custom compiling of Firefox, or as said above, having the users manually import them. Has anyone found a different solution?
firefox-installation-folder
