[GH-ISSUE #150] certutil: could not authenticate to token NSS Certificate DB.: SEC_ERROR_IO: An I/O error occurred during security authorization. #92

New issue

Open

opened 2026-02-25 22:32:35 +03:00 by kerem · 5 comments

kerem commented

2026-02-25 22:32:35 +03:00

Owner

Originally created by @devsumanmdn on GitHub (Mar 15, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/150

I tried looking an old issue #12, but it doesn't seem to help

Commands I have executed:
sudo chmod u+x ./mkcert,
and tried this also later
sudo chmod 0777 ./mkcert,
then
sudo ./mkcert -install
I have libnss3-tools version 2:3.28.4-0ubuntu0.16.04.5 installed which seems the latest for Ubuntu 16.04 LTS

Using the local CA at "/home/user/.local/share/mkcert" ✨
ERROR: failed to execute "certutil -A": exit status 255

certutil: could not authenticate to token NSS Certificate DB.: SEC_ERROR_IO: An I/O error occurred during security authorization.

Originally created by @devsumanmdn on GitHub (Mar 15, 2019). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/150 I tried looking an old issue #12, but it doesn't seem to help Commands I have executed: `sudo chmod u+x ./mkcert`, and tried this also later `sudo chmod 0777 ./mkcert`, then `sudo ./mkcert -install` I have libnss3-tools version `2:3.28.4-0ubuntu0.16.04.5` installed which seems the latest for Ubuntu 16.04 LTS ``` Using the local CA at "/home/user/.local/share/mkcert" ✨ ERROR: failed to execute "certutil -A": exit status 255 certutil: could not authenticate to token NSS Certificate DB.: SEC_ERROR_IO: An I/O error occurred during security authorization. ```

kerem added the

bug

label

2026-02-25 22:32:35 +03:00

kerem commented

2026-02-25 22:32:35 +03:00

Author

Owner

@adamdecaf commented on GitHub (Mar 17, 2019):

From https://www.redhat.com/archives/pki-users/2009-April/msg00037.html

Side note: the i/o error happens because of the missing NSS db files,
either wrong alias directory with -d, or need a certutil -N -d to
create them.

Have you started Firefox and/or Chrome and loaded a webpage? I needed to do that on a fresh linux machine with certutil before.

@adamdecaf commented on GitHub (Mar 17, 2019): From https://www.redhat.com/archives/pki-users/2009-April/msg00037.html > Side note: the i/o error happens because of the missing NSS db files, > either wrong alias directory with -d, or need a certutil -N -d <path> to > create them. Have you started Firefox and/or Chrome and loaded a webpage? I needed to do that on a fresh linux machine with certutil before.

kerem commented

2026-02-25 22:32:35 +03:00

Author

Owner

@devsumanmdn commented on GitHub (Mar 18, 2019):

Have you started Firefox and/or Chrome and loaded a web page? I needed to do that on a fresh linux machine with certutil before.

Ya Chrome and Firefox both are loading web pages without an issue, and the Ubuntu installation is old also. And as long as I have gathered certutil -A automatically creates a database if needed, still not sure about the source of this error.

@devsumanmdn commented on GitHub (Mar 18, 2019): > Have you started Firefox and/or Chrome and loaded a web page? I needed to do that on a fresh linux machine with certutil before. Ya Chrome and Firefox both are loading web pages without an issue, and the Ubuntu installation is old also. And as long as I have gathered `certutil -A` automatically creates a database if needed, still not sure about the source of this error.

kerem commented

2026-02-25 22:32:35 +03:00

Author

Owner

@Alek5andr commented on GitHub (Jun 30, 2020):

Still searching for a solution...

@Alek5andr commented on GitHub (Jun 30, 2020): Still searching for a solution...

kerem commented

2026-02-25 22:32:35 +03:00

Author

Owner

@fiialo commented on GitHub (Nov 5, 2021):