• Status: Solved

How to read certificates from the browser's keystore databases from both IE and Firefox

Hello experts,

I have a few questions on importing certificates from browsers: IE and Firefox.

I need to read the certificates from the browser with my servlet. Basically some users' browsers have certificates installed in there that are assigned to them. I need to obtain that certificate, convert it to a base64 string and pass it to a SOAP service call to do SSO for that user with that cert. I have written most of it, including a class that takes a base64 string certificate and converts it to an X509 object so that I can parse all the information from it.

On Firefox there are 2 files for their truststore databases, key3.db and cert8.db. I wonder which file would contain the certificates installed on the browser.

Reading the Java documentation I found out that I can initialize a keystore object with one of those files.

So I've tried something like this method loadStore. I need the password to the file to be able to open it and its type. Hence, how do I get the password for that file? Where does Firefox store it, or is there a standard password for it? In some research docs I found the password should be something like 'changeit'.

Then you have the store type which can be JCEKS, JKS, x.jceks.

So how do I determine which store type I have?

Also, how can I do the same with IE?

The idea is to be able to programmatically import certificates installed on the local box's browser.

For a Linux system, Firefox has a random folder name which is inside each user. Is there any environment variable that can give me that? For instance on this box the folder is /home/user1/.mozilla/firefox/g5vp07oz.default. The random folder name is "something".default under $HOME/.mozilla/firefox.

On Internet Explorer, where would the certificate database be? How do I initialize a KeyStore object reading from those DB files?
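// loadStore method
import java.io.FileInputStream;
import java.security.KeyStore;

public class StoreLoader {
    public static KeyStore loadStore(String file, String pass, String type) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        FileInputStream is = null;
        // "NONE" means the store is not backed by a file, so load with a null stream
        if (file != null && !file.equals("NONE")) {
            is = new FileInputStream(file);
        }
        ks.load(is, pass != null ? pass.toCharArray() : null);
        if (is != null) is.close();
        return ks;
    }
}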

1 Solution
People attempting to answer this might like to look at the related question: http://www.experts-exchange.com/Programming/Languages/Java/Q_24419349.html
Pretty sure they use a proprietary format. As I mentioned in your other question I don't believe it can be done.

CarlosScheidecker (Author) commented:
It seems to me that there is a solution, albeit not elegant:

It is here http://finger-in-the-eye.blogspot.com/2007/03/cmo-acceder-al-keystore-de-firefox-con.html

The problem is that you need to load the NSS libraries.

However, looking inside sunpkcs11.jar, there might be a better solution.
Sorry I told you earlier you would need a native solution, I thought you wanted a Java-only solution :)

Question has a verified solution.
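The approach the thread converges on (the NSS libraries through the JDK's SunPKCS11 provider for Firefox, and the Windows certificate store for IE), as an added example that is not code from any poster. It assumes Java 9 or later, that it runs on the machine holding the browser profile, that no Firefox master password is set, and that the NSS library directory is passed as the first argument; the class and method names are hypothetical.

```java
import java.nio.file.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;

public class BrowserCertLister {
    // Resolve the profile directory from profiles.ini instead of guessing the random folder name.
    // Prefers the section marked Default=1, otherwise falls back to the first Path= entry.
    static Path firefoxProfile(List<String> ini, Path base) {
        String path = null, chosen = null;
        boolean isDefault = false;
        for (String raw : ini) {
            String line = raw.trim();
            if (line.startsWith("[")) { path = null; isDefault = false; }
            else if (line.startsWith("Path=")) path = line.substring(5);
            else if (line.equals("Default=1")) isDefault = true;
            if (path != null && (isDefault || chosen == null)) chosen = path;
        }
        if (chosen == null) throw new IllegalStateException("no profile in profiles.ini");
        return base.resolve(chosen);
    }
    // Open the profile's NSS database read-only. The store type is "PKCS11", not JKS or JCEKS.
    // pin is the Firefox master password, or null when none is set (assumption here).
    static KeyStore openFirefox(Path profile, String nssLibDir, char[] pin) throws Exception {
        List<String> cfg = Arrays.asList(
            "name = FirefoxNSS",
            "nssLibraryDirectory = " + nssLibDir,
            // cert8.db/key3.db profiles as is; newer cert9.db profiles need a "sql:" prefix
            "nssSecmodDirectory = \"" + profile + "\"",
            "nssDbMode = readOnly",
            "attributes = compatibility");
        Path cfgFile = Files.createTempFile("nss", ".cfg");
        Files.write(cfgFile, cfg);
        Provider p = Security.getProvider("SunPKCS11").configure(cfgFile.toString());
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);
        return ks;
    }
    public static void main(String[] args) throws Exception {
        KeyStore ks;
        if (System.getProperty("os.name").startsWith("Windows")) {
            ks = KeyStore.getInstance("Windows-MY"); // current user's personal store, used by IE
            ks.load(null, null);
        } else {
            Path base = Paths.get(System.getProperty("user.home"), ".mozilla", "firefox");
            Path profile = firefoxProfile(Files.readAllLines(base.resolve("profiles.ini")), base);
            ks = openFirefox(profile, args[0], null);
        }
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (c != null) System.out.println(alias + " " + Base64.getEncoder().encodeToString(c.getEncoded()));
        }
    }
}
```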
