NSS Modules - dogtagpki/pki GitHub Wiki
To list modules in an NSS database:
$ modutil -dbdir nssdb -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. nfast
library name: /opt/nfast/toolkits/pkcs11/libcknfast.so
slots: 2 slots attached
status: loaded
slot: 061C-37A2-3CB3 Rt1
token: accelerator
slot: 061C-37A2-3CB3 Rt1 slot 0
token: NHSM6000
3. lunasa
library name: /usr/safenet/lunaclient/lib/libCryptoki2_64.so
slots: 4 slots attached
status: loaded
slot: LunaNet Slot
token: lunasa
slot: Luna UHD Slot
token:
slot: Luna UHD Slot
token:
slot: Luna UHD Slot
token:
-----------------------------------------------------------
To add p11-kit-trust module into an NSS database:
$ modutil -dbdir nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so
Verify with this command:
$ certutil -L -d nssdb -h p11-kit-trust
To install nFast module into an NSS database:
$ modutil -dbdir nssdb -add nfast -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so -force
To install Luna SA module into an NSS database:
$ modutil -dbdir nssdb -add lunasa -libfile /usr/safenet/lunaclient/lib/libCryptoki2_64.so -force
To install SoftHSM module into an NSS database:
$ modutil -dbdir nssdb -add softhsm -libfile /usr/lib64/pkcs11/libsofthsm2.so -force
To install NSS PEM module into an NSS database:
$ modutil -dbdir nssdb -add nss-pem -libfile /usr/lib64/libnsspem.so -force
To delete a module from an NSS database:
$ modutil -dbdir nssdb -delete <module> -force
To enable FIPS in an NSS database:
$ modutil -dbdir nssdb -fips true
To check FIPS status in an NSS database:
$ modutil -dbdir nssdb -chkfips true FIPS mode enabled.