linux:utilities:nss
Netscape Security Suite (NSS)
The Netscape Security Suite (NSS) manages certificates and PKCS#11 modules.
There is also a GUI application, called nss-gui.
Commands
- show all stored certificates in database
cert8.db(see also Certificate Database Tool of Netscape Security Suite)certutil -L -d ~/.local/share/evolution
- show all stored certificates on a (G&D StarSign) ElsterStick
certutil -L -d ~/.local/share/evolution -h "ElsterStick 1.0"
- add a new PKCS#11 module to database
secmod.db(see also Security Module Database of Netscape Security Suite)modutil -add "StarSign USB Token" -libfile /usr/local/lib/libstarsignpkcs11.so -dbdir ~/.local/share/evolution
This also works for Firefox, using
certutil -L -h “StarSign USB Token” -d ~/.mozilla/firefox/*.default, but requires the packagelibnss3-tools. The cryptographic modules should then be shown as for example in this figure.
Especially on CentOS you should start the PC/SC damon (
pcscd) on system boot, and not driven by udev (configure for example using Gnome application system-config-services). This ensures Firefox is running properly also without a USB security stick plugged in.
- to show all cryptographic modules use:
modutil -list -dbdir .
linux/utilities/nss.txt · Last modified: 2020/12/24 16:58 by Ralf H.