NSS Modules - dogtagpki/pki GitHub Wiki

Listing NSS Modules

To list modules in an NSS database:

$ modutil -dbdir nssdb -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
        status: loaded

         slot: NSS Internal Cryptographic Services
        token: NSS Generic Crypto Services

         slot: NSS User Private Key and Certificate Services
        token: NSS Certificate DB

  2. nfast
        library name: /opt/nfast/toolkits/pkcs11/libcknfast.so
         slots: 2 slots attached
        status: loaded

         slot: 061C-37A2-3CB3 Rt1
        token: accelerator

         slot: 061C-37A2-3CB3 Rt1 slot 0
        token: NHSM6000

  3. lunasa
        library name: /usr/safenet/lunaclient/lib/libCryptoki2_64.so
         slots: 4 slots attached
        status: loaded

         slot: LunaNet Slot
        token: lunasa

         slot: Luna UHD Slot
        token:

         slot: Luna UHD Slot
        token:

         slot: Luna UHD Slot
        token:
-----------------------------------------------------------

Adding NSS Module

To add p11-kit-trust module into an NSS database:

$ modutil -dbdir nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so

Verify with this command:

$ certutil -L -d nssdb -h p11-kit-trust

To install nFast module into an NSS database:

$ modutil -dbdir nssdb -add nfast -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so -force

To install Luna SA module into an NSS database:

$ modutil -dbdir nssdb -add lunasa -libfile /usr/safenet/lunaclient/lib/libCryptoki2_64.so -force

To install SoftHSM module into an NSS database:

$ modutil -dbdir nssdb -add softhsm -libfile /usr/lib64/pkcs11/libsofthsm2.so -force

To install NSS PEM module into an NSS database:

$ modutil -dbdir nssdb -add nss-pem -libfile /usr/lib64/libnsspem.so -force

Removing NSS Module

To delete a module from an NSS database:

$ modutil -dbdir nssdb -delete <module> -force

FIPS

To enable FIPS in an NSS database:

$ modutil -dbdir nssdb -fips true

To check FIPS status in an NSS database:

$ modutil -dbdir nssdb -chkfips true
FIPS mode enabled.

See Also

⚠️ **GitHub.com Fallback** ⚠️