This could be a slightly off-topic… I had a lab for education purposes that required to make ssl mitm for a sample connection. I didn’t use XAMP which is already pre-configured for similar tasks. I tried to configure mitm with owasp zap proxy. Now I’m not sure that I’ve no zap key in keys4.db in firefox after removal of zap certificate via firefox interface. How can I check this from console?
I’ve succeeded using certutil to list zap certificates in cert9.db, but listing keys in keys4.db with certutil asks for a password (command like ‘certutil -K -h all -k all -d ~/.mozilla/firefox/ro0widsl.default/’) for “NSS” stuff (db or slot), and this password is not my master password protecting my accounts. Unfortunately I’ve no fresh backup of firefox folder. I use sync “settings”, but not passwords, so if I login next time in firefox sync the wrong settings (I guess the key from owasp zap also) will migrate from one qube to another. This qube has a lot of passwords already used there… Better if I find a way to check the keys4.db file. 
Has anyone solved similar quest? Please help then.