NSS Modules - dogtagpki/pki GitHub Wiki
To list modules in an NSS database:
$ modutil -dbdir nssdb -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB 2. nfast library name: /opt/nfast/toolkits/pkcs11/libcknfast.so slots: 2 slots attached status: loaded slot: 061C-37A2-3CB3 Rt1 token: accelerator slot: 061C-37A2-3CB3 Rt1 slot 0 token: NHSM6000 3. lunasa library name: /usr/safenet/lunaclient/lib/libCryptoki2_64.so slots: 4 slots attached status: loaded slot: LunaNet Slot token: lunasa slot: Luna UHD Slot token: slot: Luna UHD Slot token: slot: Luna UHD Slot token: -----------------------------------------------------------
To add p11-kit-trust module into an NSS database:
$ modutil -dbdir nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so
Verify with this command:
$ certutil -L -d nssdb -h p11-kit-trust
To install nFast module into an NSS database:
$ modutil -dbdir nssdb -add nfast -libfile /opt/nfast/toolkits/pkcs11/libcknfast.so -force
To install Luna SA module into an NSS database:
$ modutil -dbdir nssdb -add lunasa -libfile /usr/safenet/lunaclient/lib/libCryptoki2_64.so -force
To install SoftHSM module into an NSS database:
$ modutil -dbdir nssdb -add softhsm -libfile /usr/lib64/pkcs11/libsofthsm2.so -force
To install NSS PEM module into an NSS database:
$ modutil -dbdir nssdb -add nss-pem -libfile /usr/lib64/libnsspem.so -force
To delete a module from an NSS database:
$ modutil -dbdir nssdb -delete <module> -force
To enable FIPS in an NSS database:
$ modutil -dbdir nssdb -fips true
To check FIPS status in an NSS database:
$ modutil -dbdir nssdb -chkfips true FIPS mode enabled.