NSS: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 50: Line 50:
Enter new password:
Enter new password:
Re-enter password:
Re-enter password:
</pre>
A certificate database consists in the following files with the following permissions:
<pre>
/root/tmp/certs
-rw------- 1 root root 65536 Jan 31 16:43 cert8.db
-rw------- 1 root root 16384 Jan 31 16:43 key3.db
-rw------- 1 root root 16384 Jan 31 16:43 secmod.db
</pre>
</pre>

Revision as of 00:45, 1 February 2016

External

Internal

Overview

Network Security Services (NSS) comprises a set of libraries designed to support cross-platform development of security-enabled client and server applications with optional support for hardware TLS/SSL acceleration on the server side and hardware smart cards on the client side. NSS provides a complete open-source implementation of cryptographic libraries supporting Transport Layer Security (TLS) / Secure Sockets Layer (SSL) and S/MIME.

Certificates

Location on Linux: /etc/pki/nssdb

certutil

certutil -L -d /etc/pki/nssdb

More certutil usage examples: http://serverfault.com/questions/498588/smtp-gmail-com-from-bash-gives-error-in-certificate-peers-certificate-issuer

Create a New Certificate Database and Import Google's Certificate

1. Create a New Directory

Create the new directory that will become the home of the new certificate database:

cd ~/tmp
mkdir certs

2. Initialize it as a Certificate Database

certutil -N -d ./certs

The command will inquire for a password to encrypt the keys. If this database is used for public keys only, you can use an empty password:

[root@oceanlab tmp]# certutil -N -d ./certs
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:

A certificate database consists in the following files with the following permissions:

/root/tmp/certs

-rw------- 1 root root 65536 Jan 31 16:43 cert8.db
-rw------- 1 root root 16384 Jan 31 16:43 key3.db
-rw------- 1 root root 16384 Jan 31 16:43 secmod.db