starred/mkcert
1
0
Fork 0
mirror of https://github.com/FiloSottile/mkcert.git synced 2026-04-25 13:36:02 +03:00
Code Issues 165 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #83] Certutil error on fresh Mac OS Mojave install #43

New issue
Closed
opened 2026-02-25 22:32:27 +03:00 by kerem · 12 comments
kerem commented 2026-02-25 22:32:27 +03:00
Owner
Copy link

Originally created by @selfagency on GitHub (Oct 26, 2018).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/83

when i attempt to install mkcert, i get the following error:

➜ mkcert -install
Using the local CA at "/Users/daniel/Library/Application Support/mkcert" ✨
Password:
The local CA is now installed in the system trust store! ⚡️
ERROR: failed to execute "certutil -A": exit status 255

certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.

when i google the issue, it says i need to initialize the nss database. i did this, however, and still get the same error above.

➜ ls -la ~/.pki/nssdb/
total 136
drwx------  5 daniel  staff    160 Oct 25 22:45 .
drwxr-xr-x  3 daniel  staff     96 Oct 25 22:44 ..
-rw-------  1 daniel  staff  28672 Oct 25 22:45 cert9.db
-rw-------  1 daniel  staff  36864 Oct 25 22:45 key4.db
-rw-------  1 daniel  staff    431 Oct 25 22:45 pkcs11.txt
Originally created by @selfagency on GitHub (Oct 26, 2018). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/83 when i attempt to install mkcert, i get the following error: ``` ➜ mkcert -install Using the local CA at "/Users/daniel/Library/Application Support/mkcert" ✨ Password: The local CA is now installed in the system trust store! ⚡️ ERROR: failed to execute "certutil -A": exit status 255 certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database. ``` when i google the issue, it says i need to initialize the nss database. i did this, however, and still get the same error above. ``` ➜ ls -la ~/.pki/nssdb/ total 136 drwx------ 5 daniel staff 160 Oct 25 22:45 . drwxr-xr-x 3 daniel staff 96 Oct 25 22:44 .. -rw------- 1 daniel staff 28672 Oct 25 22:45 cert9.db -rw------- 1 daniel staff 36864 Oct 25 22:45 key4.db -rw------- 1 daniel staff 431 Oct 25 22:45 pkcs11.txt ```
kerem closed this issue 2026-02-25 22:32:27 +03:00
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@adamdecaf commented on GitHub (Oct 26, 2018):

What version are you on? How did you initialize the db?

<!-- gh-comment-id:433276118 --> @adamdecaf commented on GitHub (Oct 26, 2018): What version are you on? How did you initialize the db?
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@selfagency commented on GitHub (Oct 26, 2018):

Mac OS 10.14
mkcert 1.1.2

mkdir -p ~/.pki/nssdb
chmod 700 ~/.pki/nssdb
certutil -d ~/.pki/nssdb -N

also tried

certutil -d sql:$HOME/.pki/nssdb -N

with the same result

<!-- gh-comment-id:433278178 --> @selfagency commented on GitHub (Oct 26, 2018): Mac OS 10.14 mkcert 1.1.2 ``` mkdir -p ~/.pki/nssdb chmod 700 ~/.pki/nssdb certutil -d ~/.pki/nssdb -N ``` also tried ``` certutil -d sql:$HOME/.pki/nssdb -N ``` with the same result
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@adamdecaf commented on GitHub (Oct 26, 2018):

Can you delete ~/.pki, load a few https sites in Firefox and then run
mkcert?

On Thu, Oct 25, 2018, 8:55 PM Daniel Sieradski notifications@github.com
wrote:

Mac OS 10.14
mkcert 1.1.2

mkdir -p ~/.pki/nssdb
chmod 700 ~/.pki/nssdb
certutil -d $HOME/.pki/nssdb -N

also tried

certutil -d sql:$HOME/.pki/nssdb -N

with the same result


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
https://github.com/FiloSottile/mkcert/issues/83#issuecomment-433278178,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAHYd8nbaa0kBDSrdfvmEMaQB-d22OTqks5uooeYgaJpZM4X7cx7
.

<!-- gh-comment-id:433284675 --> @adamdecaf commented on GitHub (Oct 26, 2018): Can you delete ~/.pki, load a few https sites in Firefox and then run mkcert? On Thu, Oct 25, 2018, 8:55 PM Daniel Sieradski <notifications@github.com> wrote: > Mac OS 10.14 > mkcert 1.1.2 > > mkdir -p ~/.pki/nssdb > chmod 700 ~/.pki/nssdb > certutil -d $HOME/.pki/nssdb -N > > also tried > > certutil -d sql:$HOME/.pki/nssdb -N > > with the same result > > — > You are receiving this because you commented. > Reply to this email directly, view it on GitHub > <https://github.com/FiloSottile/mkcert/issues/83#issuecomment-433278178>, > or mute the thread > <https://github.com/notifications/unsubscribe-auth/AAHYd8nbaa0kBDSrdfvmEMaQB-d22OTqks5uooeYgaJpZM4X7cx7> > . >
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@selfagency commented on GitHub (Oct 26, 2018):

same deal

<!-- gh-comment-id:433295307 --> @selfagency commented on GitHub (Oct 26, 2018): same deal
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@selfagency commented on GitHub (Oct 26, 2018):

hmm seems to work if i use sudo

<!-- gh-comment-id:433544347 --> @selfagency commented on GitHub (Oct 26, 2018): hmm seems to work if i use sudo
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@selfagency commented on GitHub (Oct 26, 2018):

ok, so i have both firefox and firefox developer edition installed. after using sudo, it added the CA to the developer edition, but not the regular edition. and if i try to do mkcert -install without sudo, i get the error above.

<!-- gh-comment-id:433548705 --> @selfagency commented on GitHub (Oct 26, 2018): ok, so i have both firefox and firefox developer edition installed. after using `sudo`, it added the CA to the developer edition, but not the regular edition. and if i try to do `mkcert -install` without `sudo`, i get the error above.
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@adamdecaf commented on GitHub (Oct 27, 2018):

Hmm, is the path different than what's mentioned in https://github.com/FiloSottile/mkcert/issues/51 ?

<!-- gh-comment-id:433587011 --> @adamdecaf commented on GitHub (Oct 27, 2018): Hmm, is the path different than what's mentioned in https://github.com/FiloSottile/mkcert/issues/51 ?
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@selfagency commented on GitHub (Oct 27, 2018):

Both Firefox and Firefox Dev Ed are in /Applications and my data folder is /Users/daniel/Library/Application Support/Firefox.

<!-- gh-comment-id:433590757 --> @selfagency commented on GitHub (Oct 27, 2018): Both Firefox and Firefox Dev Ed are in /Applications and my data folder is /Users/daniel/Library/Application Support/Firefox.
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@adamdecaf commented on GitHub (Nov 10, 2018):

I just realized ~/.pki/nssdb/ is the linux path, what's at this filepath:

$ ls -l ~/Library/Application\ Support/Firefox/Profiles/*.default/ | grep '.db' 
-rw-------@ 1 adam  staff    327680 Nov 10 13:32 cert9.db
-rw-------@ 1 adam  staff    294912 Nov 10 13:32 key4.db
<!-- gh-comment-id:437623088 --> @adamdecaf commented on GitHub (Nov 10, 2018): I just realized `~/.pki/nssdb/` is the linux path, what's at this filepath: ``` $ ls -l ~/Library/Application\ Support/Firefox/Profiles/*.default/ | grep '.db' -rw-------@ 1 adam staff 327680 Nov 10 13:32 cert9.db -rw-------@ 1 adam staff 294912 Nov 10 13:32 key4.db ```
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@selfagency commented on GitHub (Nov 12, 2018):

➜ ls -l ~/Library/Application\ Support/Firefox/Profiles/*.default/ | grep '.db'
-rw-------   1 root    staff     28672 Oct 26 17:08 cert9.db
-rw-------   1 root    staff     36864 Oct 26 17:08 key4.db
<!-- gh-comment-id:437932709 --> @selfagency commented on GitHub (Nov 12, 2018): ``` ➜ ls -l ~/Library/Application\ Support/Firefox/Profiles/*.default/ | grep '.db' -rw------- 1 root staff 28672 Oct 26 17:08 cert9.db -rw------- 1 root staff 36864 Oct 26 17:08 key4.db ```
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@adamdecaf commented on GitHub (Nov 13, 2018):

Can mkcert read those files? They're owned by root and not world readable.

<!-- gh-comment-id:438417350 --> @adamdecaf commented on GitHub (Nov 13, 2018): Can `mkcert` read those files? They're owned by root and not world readable.
kerem commented 2026-02-25 22:32:28 +03:00
Author
Owner
Copy link

@selfagency commented on GitHub (Nov 13, 2018):

changing the owner to myself seems to have worked. thanks for your help!

➜ sudo chown -R daniel:staff ~/Library/Application\ Support/Firefox/Profiles/*.default/
➜ mkcert -install
Using the local CA at "/Users/daniel/Library/Application Support/mkcert" ✨
<!-- gh-comment-id:438428315 --> @selfagency commented on GitHub (Nov 13, 2018): changing the owner to myself seems to have worked. thanks for your help! ``` ➜ sudo chown -R daniel:staff ~/Library/Application\ Support/Firefox/Profiles/*.default/ ➜ mkcert -install Using the local CA at "/Users/daniel/Library/Application Support/mkcert" ✨ ```
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.1
v1.0.0
v0.9.1
v0.9.0
Labels
Clear labels   
TLS stack issue

   
Windows

   
bug

   
duplicate

   
duplicate

   
enhancement

   
help wanted

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
question

   
root store

   
waiting for info
No labels
TLS stack issue
Windows
bug
duplicate
duplicate
enhancement
help wanted
help wanted
pull-request
question
question
root store
waiting for info
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/mkcert#43
No description provided.