C:\Users\h4m5t\Downloads\nss-3.11\nss-3.11\bin>certutil.exe -H -A Add a certificate to the database (create if needed) -E Add an Email certificate to the database (create if needed) -n cert-name Specify the nickname of the certificate to add -t trustargs Set the certificate trust attributes: p valid peer P trusted peer (implies p) c valid CA T trusted CA to issue client certs (implies c) C trusted CA to issue server certs (implies c) u user cert w send warning g make step-up cert -f pwfile Specify the password file -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -a The input certificate is encoded in ASCII (RFC1113) -i input Specify the certificate file (default is stdin)
-C Create a new binary certificate from a BINARY cert request -c issuer-name The nickname of the issuer cert -i cert-request The BINARY certificate request file -o output-cert Output binary cert to this file (default is stdout) -x Self sign -m serial-number Cert serial number -w warp-months Time Warp -v months-valid Months valid (default is 3) -f pwfile Specify the password file -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -1 Create key usage extension -2 Create basic constraint extension -3 Create authority key ID extension -4 Create crl distribution point extension -5 Create netscape cert type extension -6 Create extended key usage extension -7 Create an email subject alt name extension -8 Create an dns subject alt name extension
-G Generate a new key pair -h token-name Name of token in which to generate key (default is internal) -k key-type Type of key pair to generate ("dsa", "rsa" (default)) -g key-size Key size in bits, (min 512, max 2048, default 1024) -y exp Set the public exponent value (3, 17, 65537) (rsa only) -f password-file Specify the password file -z noisefile Specify the noise file to be used -q pqgfile read PQG value from pqgfile (dsa only) -d keydir Key database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix
-D Delete a certificate from the database -n cert-name The nickname of the cert to delete -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix
-U List all modules -d moddir Module database directory (default is '~/.netscape') -P dbprefix Cert & Key database prefix -X force the database to open R/W
-K List all keys -h token-name Name of token in which to look for keys (default is internal, use "all" to list keys on all tokens) -k key-type Type of key pair to list ("all", "dsa", "rsa" (default)) -f password-file Specify the password file -d keydir Key database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -X force the database to open R/W
-L List all certs, or print out a single named cert -n cert-name Pretty print named cert (list all if unspecified) -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -X force the database to open R/W -r For single cert, print binary DER encoding -a For single cert, print ASCII encoding (RFC1113)
-M Modify trust attributes of certificate -n cert-name The nickname of the cert to modify -t trustargs Set the certificate trust attributes (see -A above) -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix
-N Create a new certificate database -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix
-T Reset the Key database or token -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -h token-name Token to reset (default is internal)
-O Print the chain of a certificate -n cert-name The nickname of the cert to modify -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -X force the database to open R/W
-R Generate a certificate request (stdout) -s subject Specify the subject name (using RFC1485) -o output-req Output the cert request to this file -k key-type Type of key pair to generate ("dsa", "rsa" (default)) -h token-name Name of token in which to generate key (default is internal) -g key-size Key size in bits, RSA keys only (min 512, max 2048, default 1024) -q pqgfile Name of file containing PQG parameters (dsa only) -f pwfile Specify the password file -d keydir Key database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -p phone Specify the contact phone number ("123-456-7890") -a Output the cert request in ASCII (RFC1113); default is binary
-V Validate a certificate -n cert-name The nickname of the cert to Validate -b time validity time ("YYMMDDHHMMSS[+HHMM|-HHMM|Z]") -e Check certificate signature -u certusage Specify certificate usage: C SSL Client V SSL Server S Email signer R Email Recipient -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -X force the database to open R/W
-S Make a certificate and add to database -n key-name Specify the nickname of the cert -s subject Specify the subject name (using RFC1485) -c issuer-name The nickname of the issuer cert -t trustargs Set the certificate trust attributes (see -A above) -k key-type Type of key pair to generate ("dsa", "rsa" (default)) -h token-name Name of token in which to generate key (default is internal) -g key-size Key size in bits, RSA keys only (min 512, max 2048, default 1024) -q pqgfile Name of file containing PQG parameters (dsa only) -x Self sign -m serial-number Cert serial number -w warp-months Time Warp -v months-valid Months valid (default is 3) -f pwfile Specify the password file -d certdir Cert database directory (default is ~/.netscape) -P dbprefix Cert & Key database prefix -p phone Specify the contact phone number ("123-456-7890") -1 Create key usage extension -2 Create basic constraint extension -3 Create authority key ID extension -4 Create crl distribution point extension -5 Create netscape cert type extension -6 Create extended key usage extension -7 Create an email subject alt name extension -8 Create an dns subject alt name extension
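@echo off
:: Detect the installed Firefox major version from the registry and dispatch to
:: the matching routine: :function1 for versions below 49, :function2 otherwise.
:: Delayed expansion is enabled because values are assigned and read inside ( ) blocks.
setlocal EnableExtensions EnableDelayedExpansion

set "regPath1=HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox"
set "regPath2=HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Mozilla Firefox"
set "regKey=CurrentVersion"
:: 0.0.0 is the "version not found" sentinel; it yields Major=0 and stops the script below.
set "Value1=0.0.0"

echo ###checking new_version###
echo --------------------------
rem Check whether the native-view registry key exists.
reg query "%regPath1%" >nul 2>nul
if !errorlevel!==0 (
    echo new_version Registry key %regKey% exists.
    rem tokens=2* puts the value type in %%a and the value data in %%b.
    for /f "tokens=2*" %%a in ('reg query "%regPath1%" /v "%regKey%" 2^>nul ^| findstr /i /c:"%regKey%"') do set "Value1=%%b"
) else (
    echo new_version Registry key %regKey% does not exist.
    echo --------------------------
    rem Fall back to the WOW6432Node key.
    echo ###checking old_version###
    reg query "%regPath2%" >nul 2>nul
    if !errorlevel!==0 (
        echo old_version Registry key %regKey% exists.
        for /f "tokens=2*" %%a in ('reg query "%regPath2%" /v "%regKey%" 2^>nul ^| findstr /i /c:"%regKey%"') do set "Value1=%%b"
    ) else (
        echo old_version Registry key %regKey% does not exist.
    )
)

echo !Value1!

rem Take the text before the first dot or space as the major version. Parsing it
rem with for /f keeps the registry string as data; the earlier %Value1:.=...%
rem substitution pasted that string into the command line, where it ran as code.
set "Major="
for /f "tokens=1 delims=. " %%m in ("!Value1!") do set "Major=%%m"
if not defined Major set "Major=0"
rem Any non-digit character means this is not a version number: treat it as unknown.
for /f "delims=0123456789" %%x in ("!Major!") do set "Major=0"
echo Majornew: !Major!

rem Check the version number. The test uses Major; the variable final_version
rem that was tested here before is never assigned anywhere in the script.
if !Major! EQU 0 (
    echo Program version is 0. Exiting script...
    exit /b 1
) else if !Major! LSS 49 (
    call :function1
) else (
    call :function2
)

rem Exit the script.
exit /b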
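::
:function1
:: Firefox older than 49: add the certificate to the profile's NSS database
:: (cert8.db) with the bundled certutil. Acts only when the Profiles directory
:: holds exactly one folder; otherwise it prints "no or more" and returns.
::
:: NOTE(review): certutil.exe and the .cer file are both loaded from
:: C:\firefoxinstallcert. Whoever can write to that folder chooses the program
:: that runs and the certificate that gets added, so keep its ACL limited to
:: administrators and compare the certificate's fingerprint with the expected
:: value before rollout.
:: NOTE(review): per certutil's own help, trust flag "u" means "user cert" and
:: "C" means "trusted CA to issue server certs". The file name suggests a CA
:: certificate, so "u,u,u" may not be the intended trust - confirm, and grant
:: only the narrowest trust that is needed. "SomeNametest" also looks like a
:: placeholder nickname.
echo Program version is less than 49. Executing function 1...
set "certutil_exe=C:\firefoxinstallcert\nss-3.11\bin\certutil.exe"
set "cert_file=C:\firefoxinstallcert\TPLINKCA.cer"
set "db_path=%USERPROFILE%\AppData\Roaming\Mozilla\Firefox\Profiles"

rem Check that the profile directory exists. Quoted: the path may contain spaces.
if not exist "%db_path%\" (
    echo no
    goto :eof
)
echo default_path exists

rem Count the profile folders and remember the last one seen.
set "count=0"
set "folder="
for /d %%i in ("%db_path%\*") do (
    set /a count+=1
    set "folder=%%~nxi"
)

rem Proceed only when there is exactly one profile folder.
if not !count! equ 1 (
    echo no or more
    goto :eof
)
set "all_path=%db_path%\!folder!"
rem Show the full path of the profile folder.
echo !all_path!

rem List the certificate database before the change.
"%certutil_exe%" -L -d "!all_path!"
rem Add the certificate and report a failure instead of ignoring it.
"%certutil_exe%" -A -n "SomeNametest" -t "u,u,u" -i "%cert_file%" -d "!all_path!"
if errorlevel 1 echo certutil failed to add the certificate to "!all_path!".
rem List the certificate database after the change.
"%certutil_exe%" -L -d "!all_path!"
goto :eof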
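:function2
:: Firefox 49 or newer: copy ddwi.cfg into the Firefox install directory and
:: local-settings.js into defaults\pref, for both the 64-bit and the 32-bit
:: install locations, to turn on security.enterprise_roots.enabled.
::
:: NOTE(review): files placed in the install directory apply to every user of
:: the machine, and with enterprise roots enabled Firefox also trusts the roots
:: in the Windows certificate store. The sources come from C:\firefoxinstallcert,
:: so that folder must be writable by administrators only. Presumably this pair
:: is an AutoConfig setup - confirm what ddwi.cfg contains before rollout.
echo Program version is greater than or equal to 49. Executing function 2...
set "source_file_cfg=C:\firefoxinstallcert\ddwi.cfg"
set "source_file_js=C:\firefoxinstallcert\local-settings.js"

call :copy_if_present "%source_file_cfg%" "C:\Program Files\Mozilla Firefox"
call :copy_if_present "%source_file_cfg%" "C:\Program Files (x86)\Mozilla Firefox"
call :copy_if_present "%source_file_js%" "C:\Program Files\Mozilla Firefox\defaults\pref"
call :copy_if_present "%source_file_js%" "C:\Program Files (x86)\Mozilla Firefox\defaults\pref"
goto :eof

:copy_if_present
rem Helper: copy file %1 into the existing directory %2 and report each failure.
rem Paths stay quoted everywhere so the parentheses in "Program Files (x86)"
rem cannot close an enclosing ( ) block.
echo Copying "%~1" to "%~2"...
if not exist "%~1" (
    echo Source file "%~1" does not exist. Cannot copy file.
    goto :eof
)
if not exist "%~2\" (
    echo Directory "%~2" does not exist. Cannot copy file.
    goto :eof
)
copy /y "%~1" "%~2\"
rem Writing under Program Files fails without elevation; say so instead of continuing silently.
if errorlevel 1 echo Copy to "%~2" failed. Run the script from an elevated prompt.
goto :eof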
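@echo off
:: Detect the installed Firefox major version from the registry and dispatch to
:: the matching routine: :function1 for versions below 49, :function2 otherwise.
:: Delayed expansion is enabled because values are assigned and read inside ( ) blocks.
setlocal EnableExtensions EnableDelayedExpansion

set "regPath1=HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox"
set "regPath2=HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Mozilla\Mozilla Firefox"
set "regKey=CurrentVersion"
:: 0.0.0 is the "version not found" sentinel; it yields Major=0 and stops the script below.
set "Value1=0.0.0"

echo ###checking new_version###
echo --------------------------
rem Check whether the native-view registry key exists.
reg query "%regPath1%" >nul 2>nul
if !errorlevel!==0 (
    echo new_version Registry key %regKey% exists.
    rem tokens=2* puts the value type in %%a and the value data in %%b.
    for /f "tokens=2*" %%a in ('reg query "%regPath1%" /v "%regKey%" 2^>nul ^| findstr /i /c:"%regKey%"') do set "Value1=%%b"
) else (
    echo new_version Registry key %regKey% does not exist.
    echo --------------------------
    rem Fall back to the WOW6432Node key.
    echo ###checking old_version###
    reg query "%regPath2%" >nul 2>nul
    if !errorlevel!==0 (
        echo old_version Registry key %regKey% exists.
        for /f "tokens=2*" %%a in ('reg query "%regPath2%" /v "%regKey%" 2^>nul ^| findstr /i /c:"%regKey%"') do set "Value1=%%b"
    ) else (
        echo old_version Registry key %regKey% does not exist.
    )
)

echo !Value1!

rem Take the text before the first dot or space as the major version. Parsing it
rem with for /f keeps the registry string as data; the earlier %Value1:.=...%
rem substitution pasted that string into the command line, where it ran as code.
set "Major="
for /f "tokens=1 delims=. " %%m in ("!Value1!") do set "Major=%%m"
if not defined Major set "Major=0"
rem Any non-digit character means this is not a version number: treat it as unknown.
for /f "delims=0123456789" %%x in ("!Major!") do set "Major=0"
echo Majornew: !Major!

rem Check the version number. The test uses Major; the variable final_version
rem that was tested here before is never assigned anywhere in the script.
if !Major! EQU 0 (
    echo Program version is 0. Exiting script...
    exit /b 1
) else if !Major! LSS 49 (
    call :function1
) else (
    call :function2
)

rem Exit the script.
exit /b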
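::
:function1
:: Firefox older than 49: add the certificate to the profile's NSS database
:: (cert8.db) with the bundled certutil. Acts only when the Profiles directory
:: holds exactly one folder; otherwise it prints "no or more" and returns.
::
:: NOTE(review): certutil.exe and the .cer file are both loaded from
:: C:\firefoxinstallcert. Whoever can write to that folder chooses the program
:: that runs and the certificate that gets added, so keep its ACL limited to
:: administrators and compare the certificate's fingerprint with the expected
:: value before rollout.
:: NOTE(review): per certutil's own help, trust flag "u" means "user cert" and
:: "C" means "trusted CA to issue server certs". The file name suggests a CA
:: certificate, so "u,u,u" may not be the intended trust - confirm, and grant
:: only the narrowest trust that is needed. "SomeNametest" also looks like a
:: placeholder nickname.
echo Program version is less than 49. Executing function 1...
set "certutil_exe=C:\firefoxinstallcert\nss-3.11\bin\certutil.exe"
set "cert_file=C:\firefoxinstallcert\TPLINKCA.cer"
set "db_path=%USERPROFILE%\AppData\Roaming\Mozilla\Firefox\Profiles"

rem Check that the profile directory exists. Quoted: the path may contain spaces.
if not exist "%db_path%\" (
    echo no
    goto :eof
)
echo default_path exists

rem Count the profile folders and remember the last one seen.
set "count=0"
set "folder="
for /d %%i in ("%db_path%\*") do (
    set /a count+=1
    set "folder=%%~nxi"
)

rem Proceed only when there is exactly one profile folder.
if not !count! equ 1 (
    echo no or more
    goto :eof
)
set "all_path=%db_path%\!folder!"
rem Show the full path of the profile folder.
echo !all_path!

rem List the certificate database before the change.
"%certutil_exe%" -L -d "!all_path!"
rem Add the certificate and report a failure instead of ignoring it.
"%certutil_exe%" -A -n "SomeNametest" -t "u,u,u" -i "%cert_file%" -d "!all_path!"
if errorlevel 1 echo certutil failed to add the certificate to "!all_path!".
rem List the certificate database after the change.
"%certutil_exe%" -L -d "!all_path!"
goto :eof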
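:function2
:: Firefox 49 or newer: copy user.js into every profile folder whose name
:: contains "default", to turn on security.enterprise_roots.enabled.
::
:: NOTE(review): Firefox applies user.js prefs at every start, and with
:: enterprise roots enabled it also trusts the roots in the Windows certificate
:: store. The source file comes from C:\firefoxinstallcert, so that folder must
:: be writable by administrators only.
:: NOTE(review): %APPDATA% belongs to the account running the script; if it is
:: launched elevated under a different account, the logged-on user's profiles
:: are not touched - confirm how this is deployed.
echo Program version is greater than or equal to 49. Executing function 2...

rem Default parent directory of the Firefox profiles.
set "parentFolder=%APPDATA%\Mozilla\Firefox\Profiles"
rem Profile folders are recognised by this substring in their name.
set "searchString=default"
set "source_user_js=C:\firefoxinstallcert\user.js"

if not exist "%source_user_js%" (
    echo Source file "%source_user_js%" does not exist.
    goto :eof
)
rem Quoted: the profile path may contain spaces.
if not exist "%parentFolder%\" (
    echo no
    goto :eof
)

for /d %%F in ("%parentFolder%\*") do (
    echo "%%~nxF" | findstr /C:"%searchString%" >nul 2>&1
    if errorlevel 1 (
        echo default Folder not found.
    ) else (
        echo default Folder found.
        rem Build the full path of the profile folder.
        set "all_default_path=%parentFolder%\%%~nxF"
        echo !all_default_path!
        rem copy overwrites silently inside a batch file, so keep the user's previous prefs.
        if exist "!all_default_path!\user.js" copy /y "!all_default_path!\user.js" "!all_default_path!\user.js.bak" >nul
        copy /y "%source_user_js%" "!all_default_path!\"
        if errorlevel 1 echo Failed to copy user.js to "!all_default_path!".
    )
)
rem The pause that used to follow goto :eof could never run and has been dropped.
goto :eof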