starred/mkcert

Fork 0

mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 05:26:03 +03:00

[GH-ISSUE #50] Enter Password or Pin for "NSS Certificate DB" #26

New issue

Open

opened 2026-02-25 22:32:24 +03:00 by kerem · 9 comments

kerem commented

2026-02-25 22:32:24 +03:00

Owner

Originally created by @negbie on GitHub (Aug 6, 2018).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/50

Mby it's worth to give users who have a firefox master password a hint that they should enter this when they see "Enter Password or Pin for "NSS Certificate DB""

Originally created by @negbie on GitHub (Aug 6, 2018). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/50 Mby it's worth to give users who have a firefox master password a hint that they should enter this when they see "Enter Password or Pin for "NSS Certificate DB""

kerem added the

enhancement

label

2026-02-25 22:32:24 +03:00

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@adamdecaf commented on GitHub (Oct 2, 2018):

@negbie Do you have an example of what this looks like to a user? Do they get a password prompt from certutil?

@adamdecaf commented on GitHub (Oct 2, 2018): @negbie Do you have an example of what this looks like to a user? Do they get a password prompt from `certutil`?

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@kelvinj commented on GitHub (Dec 8, 2018):

On mac, it looks like this:

Using the local CA at "/Users/kelvin/Library/Application Support/mkcert" ✨
Enter Password or Pin for "NSS Certificate DB":

@kelvinj commented on GitHub (Dec 8, 2018): On mac, it looks like this: ``` Using the local CA at "/Users/kelvin/Library/Application Support/mkcert" ✨ Enter Password or Pin for "NSS Certificate DB": ```

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@NicolasCARPi commented on GitHub (Jan 7, 2019):

@adamdecaf Yes you get a password prompt, but I agree with @negbie, it is unclear what password is asked (until you google it and find this issue that is :p).

A better phrasing would be "Enter your Firefox master password:". :)

@NicolasCARPi commented on GitHub (Jan 7, 2019): @adamdecaf Yes you get a password prompt, but I agree with @negbie, it is unclear what password is asked (until you google it and find this issue that is :p). A better phrasing would be "Enter your Firefox master password:". :)

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@adamdecaf commented on GitHub (Jan 7, 2019):

I agree it's unclear, but the prompt comes from NSS's certutil not mkcert. I'm not sure if that prompt can be changed.

@adamdecaf commented on GitHub (Jan 7, 2019): I agree it's unclear, but the prompt comes from NSS's `certutil` not `mkcert`. I'm not sure if that prompt can be changed.

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@NicolasCARPi commented on GitHub (Jan 7, 2019):

@adamdecaf Then maybe mkcert can write a message just before: "You will be asked for your Firefox's master password now".

@NicolasCARPi commented on GitHub (Jan 7, 2019): @adamdecaf Then maybe mkcert can write a message just before: "You will be asked for your Firefox's master password now".

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@adamdecaf commented on GitHub (Jan 7, 2019):

Good call - Does this PR look ok? https://github.com/FiloSottile/mkcert/pull/100

@adamdecaf commented on GitHub (Jan 7, 2019): Good call - Does this PR look ok? https://github.com/FiloSottile/mkcert/pull/100

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@NicolasCARPi commented on GitHub (Jan 7, 2019):

@adamdecaf LGTM 👍

@NicolasCARPi commented on GitHub (Jan 7, 2019): @adamdecaf LGTM :+1:

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@adamdecaf commented on GitHub (Jan 7, 2019):

"The part in quotes is the name of the PK11 token. Otherwise, certutil doesn't know what's calling it."

https://searchfox.org/mozilla-central/source/security/nss/cmd/lib/secutil.c#234

We might be relying on the name that firefox/chrome sets instead of an option we can change.

@adamdecaf commented on GitHub (Jan 7, 2019): > "The part in quotes is the name of the PK11 token. Otherwise, certutil doesn't know what's calling it." > > https://searchfox.org/mozilla-central/source/security/nss/cmd/lib/secutil.c#234 We might be relying on the name that firefox/chrome sets instead of an option we can change.

kerem commented

2026-02-25 22:32:24 +03:00

Author

Owner

@cpicanco commented on GitHub (Feb 13, 2022):

Sorry for this necropost. Just want to mention that, in my case, the default password was an empty string and

certutil -N -d ~/.pki/nssdb

allowed me to create a new password. Your actual directory might be different from mine.

@cpicanco commented on GitHub (Feb 13, 2022): Sorry for this necropost. Just want to mention that, in my case, the default password was an empty string and `certutil -N -d ~/.pki/nssdb` allowed me to create a new password. Your actual directory might be different from mine.

kerem referenced this issue

2026-02-25 22:33:16 +03:00

[PR #26] [CLOSED] added simple flag to print the CAROOT var #360