Difference between revisions of "NSS Modules"

From Dogtag
(Created page with "= Listing Installed NSS Modules = <pre> $ modutil -dbdir nssdb -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal...")
 
m (See Also)
 
(2 intermediate revisions by the same user not shown)
Line 112: Line 112:
 
* [[NSS]]
 
* [[NSS]]
 
* [[NSS Database]]
 
* [[NSS Database]]
 +
* [https://p11-glue.github.io/p11-glue/p11-kit.html p11-kit]
 +
* [https://p11-glue.github.io/p11-glue/p11-kit/manual/trust-nss.html Using the Trust Policy Module with NSS]
 +
* [https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/PKCS11/Module_Specs NSS PKCS #11 Module Specs]

Latest revision as of 13:46, 8 October 2019

Listing Installed NSS Modules

$ modutil -dbdir nssdb -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded
 
         slot: NSS Internal Cryptographic Services
        token: NSS Generic Crypto Services
 
         slot: NSS User Private Key and Certificate Services
        token: NSS Certificate DB
 
  2. nfast
        library name: /opt/nfast/toolkits/pkcs11/libcknfast.so
         slots: 2 slots attached
        status: loaded
 
         slot: 061C-37A2-3CB3 Rt1
        token: accelerator
 
         slot: 061C-37A2-3CB3 Rt1 slot 0
        token: NHSM6000

  3. lunasa
        library name: /usr/safenet/lunaclient/lib/libCryptoki2_64.so
         slots: 4 slots attached
        status: loaded

         slot: LunaNet Slot
        token: lunasa

         slot: Luna UHD Slot
        token:

         slot: Luna UHD Slot
        token:

         slot: Luna UHD Slot
        token:
-----------------------------------------------------------
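
The listing format above can be checked mechanically. As an added example (not part of the original wiki page or of Dogtag), the shell functions below parse modutil -list output and report any registered module whose library path is not on an expected list. The function names, the abbreviated sample listing and the example-unlisted module are constructed for illustration.

```shell
# Added example: audit the PKCS #11 modules registered in an NSS database.
# sample_listing is constructed (abbreviated from the listing format above).
sample_listing() {
  cat <<'EOF'
Listing of PKCS #11 Modules
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded
  2. nfast
        library name: /opt/nfast/toolkits/pkcs11/libcknfast.so
         slots: 2 slots attached
        status: loaded
  3. example-unlisted
        library name: /home/build/libexample.so
        status: loaded
EOF
}

# Read a module listing on stdin; print "name<TAB>library" per module.
# The internal module has no "library name:" line, so its library is "-".
list_modules() {
  awk '
    function emit() { if (name != "") printf("%s\t%s\n", name, (lib == "" ? "-" : lib)) }
    /^[ \t]*[0-9]+\.[ \t]/ {
      emit(); name = $0; lib = ""
      sub(/^[ \t]*[0-9]+\.[ \t]+/, "", name); sub(/[ \t]+$/, "", name)
      next
    }
    /^[ \t]*library name:/ {
      lib = $0
      sub(/^[ \t]*library name:[ \t]*/, "", lib); sub(/[ \t]+$/, "", lib)
    }
    END { emit() }
  '
}

# $1 is a colon-separated list of expected library paths. Prints every module
# loaded from any other path and returns 1 if at least one was found.
unexpected_modules() {
  list_modules | awk -F '\t' -v allowed="$1" '
    BEGIN { n = split(allowed, a, ":"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 != "-" && !($2 in ok) { print; found = 1 }
    END { exit found + 0 }
  '
}

# Demo on the sample; on a real database pipe in: modutil -dbdir nssdb -list
sample_listing | unexpected_modules "/opt/nfast/toolkits/pkcs11/libcknfast.so" || echo "unexpected module(s) found"
```

A non-zero return from unexpected_modules makes the check usable in a scheduled job or a deployment test.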

Installing NSS Module

To install the p11-kit-trust module:

$ modutil -dbdir nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so

Verify with this command:

$ certutil -L -d nssdb -h p11-kit-trust

To install the nFast module:

$ modutil -dbdir nssdb -add nfast -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so -force

To install the Luna SA module:

$ modutil -dbdir nssdb -add lunasa -libfile /usr/safenet/lunaclient/lib/libCryptoki2_64.so -force

To install the SoftHSM module:

$ modutil -dbdir nssdb -add softhsm -libfile /usr/lib64/pkcs11/libsofthsm2.so -force

Removing NSS Module

To delete a module:

$ modutil -dbdir nssdb -delete <module> -force

FIPS

To enable FIPS:

$ modutil -dbdir nssdb -fips true

To check FIPS status:

$ modutil -dbdir nssdb -chkfips true
FIPS mode enabled.

HSM Password

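Store the HSM password in a separate file (the password is kept there in clear text, so the file should be readable only by the account that needs it):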

$ echo Secret.123 > password.HSM

See Also