NSS Security Tools: certutil Tasks

Newsgroup: mozilla.dev.tech.crypto

Task List

  1. Better error reporting. Most certutil errors provide no detail. Mistakes with command-line options just print a usage message.
  2. Improve certificate listings. Allow for sorting by name and trust. Sorting by trust will return CA certs first.
  3. Allow listing and lookup of keys by index and nickname.
  4. Improve coherence of key and certificate nicknames.
  5. Remove keys "stranded" without a certificate (except for the imminent (????) encryption key for password files).
  6. Support importing keys from a file.
  7. Improve hardware token support.
  8. (bugfix) Some certificate extensions cause certutil to crash.
  9. (bugfix) Certificate entries require a serial number; one should be generated automatically if not provided.
  10. (bugfix) Null password is given to new key3.db; should prompt user for an initial password.
  11. (bugfix) Listing provate keys does not work: requires password authentication.
  12. (bugfix) Listing certificate extensions has typos and does not provide much information.