Skip to content
Endi S. Dewata edited this page Jul 24, 2024 · 3 revisions

Adding p11-kit-trust Module

To add p11-kit-trust module into an NSS database:

$ echo | modutil -dbdir nssdb -add p11-kit-trust -libfile /usr/lib64/pkcs11/p11-kit-trust.so -force

Verifying p11-kit-trust Module

$ modutil -dbdir nssdb -list
...
  2. p11-kit-trust
	library name: /usr/lib64/pkcs11/p11-kit-trust.so
	   uri: pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Trust%20Module;library-version=0.25
	 slots: 2 slots attached
	status: loaded

	 slot: /etc/pki/ca-trust/source
	token: System Trust
	  uri: pkcs11:token=System%20Trust;manufacturer=PKCS%2311%20Kit;serial=1;model=p11-kit-trust

	 slot: /usr/share/pki/ca-trust-source
	token: Default Trust
	  uri: pkcs11:token=Default%20Trust;manufacturer=PKCS%2311%20Kit;serial=1;model=p11-kit-trust

...

Verify with this command:

$ certutil -L -d nssdb -h p11-kit-trust

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

System Trust:win-RDU2-WINCA02-CA                             CT,C,C
Default Trust:A-Trust-Qual-02                                ,,C
Default Trust:A-Trust-Qual-03                                ,,C
Default Trust:A-Trust-Root-05                                ,,C
Default Trust:A-Trust-nQual-03                               ,,C
Default Trust:AC1 RAIZ MTIN                                  ,,C
...

Removing p11-kit-trust Module

$ modutil -dbdir nssdb -delete p11-kit-trust -force

See Also

Clone this wiki locally