how do you retrieve a certificate from the browser(say firefox) cert store?

Girish,

The code that I pointed has source in it that describes accessing certificates and private-keys from either the NSS or the JKS key-store (as well as smartcards, etc.). All you need to do is open both the NSS keystore and the JKS keystore using two different variable names, and then read from NSS and write to JKS.

arshad.noora at 2007-7-14 22:44:19 >

I don't recall if I had this working or not, but here is a configuration file I have in my source-base:

#JDK6

name = NSS

nssLibraryDirectory = /usr/local/firefox

nssDbMode = readOnly

nssSecmodDirectory = /usr/local/etc/symkey/pkcs11

The three *.db files from FF need to be in the nssSecmodDirectory location.

arshad.noora at 2007-7-14 22:44:19 >

Firefox stores its certificate in a file called cert8.db. On the Linux/UNIX environment, this file is in a subdirectory of your $HOME directory called .mozilla/. On Windows, it is typically in the c:\Documents and Settings\<User>\Application Data\Mozilla\Firefox\Profiles\<Random Hash Value>\ directory.

Before you load the keystore, I am assuming you have configured the SunPKCS11 JCE Provider in your java.security file, and have gotten an instance of the provider using the KeyStore.getInstance("PKCS11") call. You should only have one PKCS11 providrer in java.security for this to work.

While the configuration file for JDK6 has changed a little bit, the concept and capability has not. If you're having trouble with JDK6, I would recommend trying it out on JDK5 first and making sure it works on your machine, and then trying it with JDK6. The source code in the keystoreLoaderHelper.java file in the SKCL module of the StrongKey source distribution (www.strongkey.org) has all the code in it that shows how to load keys/certificates using the Firefox and the JKS keystores.

arshad.noora at 2007-7-14 22:44:19 >