forked from p11-glue/p11-kit
-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Endi S. Dewata edited this page Jul 24, 2024
·
3 revisions
To add p11-kit-trust
module into an NSS database:
$ echo | modutil -dbdir nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so -force
$ modutil -dbdir nssdb -list ... 2. p11-kit-trust library name: /usr/lib64/pkcs11/p11-kit-trust.so uri: pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Trust%20Module;library-version=0.25 slots: 2 slots attached status: loaded slot: /etc/pki/ca-trust/source token: System Trust uri: pkcs11:token=System%20Trust;manufacturer=PKCS%2311%20Kit;serial=1;model=p11-kit-trust slot: /usr/share/pki/ca-trust-source token: Default Trust uri: pkcs11:token=Default%20Trust;manufacturer=PKCS%2311%20Kit;serial=1;model=p11-kit-trust ...
Verify with this command:
$ certutil -L -d nssdb -h p11-kit-trust Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI System Trust:win-RDU2-WINCA02-CA CT,C,C Default Trust:A-Trust-Qual-02 ,,C Default Trust:A-Trust-Qual-03 ,,C Default Trust:A-Trust-Root-05 ,,C Default Trust:A-Trust-nQual-03 ,,C Default Trust:AC1 RAIZ MTIN ,,C ...
$ modutil -dbdir nssdb -delete p11-kit-trust -force