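# How to work with nssdb and certutil

## remove database
Deletes every certificate, key and trust setting stored in the per-user NSS database.
```
rm -r -- "$HOME/.pki/nssdb"
```

## create database directory
```
mkdir -p "$HOME/.pki/nssdb"
# the database can hold private keys, keep it readable by the owner only
chmod 700 "$HOME/.pki/nssdb"
```
If certutil complains that the database is missing or bad, initialise it with `certutil -d "sql:$HOME/.pki/nssdb" -N`.

## list all certificates
```
certutil -d "sql:$HOME/.pki/nssdb" -L
```

## list of hosts to get certificates from
```
hosts="ip-of-squid-proxy1:443 ip-of-squid-proxy2:443"
```

## import each as trusted proxy
The certificate is taken from whatever answers on the connection; nothing authenticates it at this point. Compare the printed SHA-256 fingerprint with one read on the proxy itself (or obtained over another trusted channel) before confirming the import. `P,,` marks the certificate as a trusted peer for SSL only; `P,P,P` would additionally trust it for e-mail and object signing, which a proxy certificate does not need.
```
# ${hosts} is unquoted on purpose: the list is split on whitespace
for host in ${hosts}; do
  # private temp file instead of a predictable "<host>.crt" in the current directory
  crt=$(mktemp) || break
  echo "" | openssl s_client -connect "${host}" -prexit 2>/dev/null \
    | sed -n -e '/BEGIN CERTIFICATE/,/END CERTIFICATE/ p' > "${crt}"

  # an unreachable host leaves the file empty; do not hand that to certutil
  if [ ! -s "${crt}" ]; then
    echo "no certificate received from ${host}" >&2
    rm -f -- "${crt}"
    continue
  fi

  # show what is about to be trusted
  openssl x509 -in "${crt}" -noout -subject -issuer -enddate -fingerprint -sha256
  printf 'import certificate for %s with this fingerprint? [y/N] ' "${host}"
  read -r answer
  if [ "${answer}" = "y" ]; then
    certutil -d "sql:$HOME/.pki/nssdb" -A -t "P,," -n "${host}" -i "${crt}"
  fi
  rm -f -- "${crt}"
done
```

## show certificate
```
certutil -L -d "sql:$HOME/.pki/nssdb" -n certname
```

## delete
```
certutil -d "sql:$HOME/.pki/nssdb" -D -n certificate_nickname
```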