User Tools

Site Tools


Netscape Security Suite (NSS)

The Netscape Security Suite (NSS) manages certificates and PKCS#11 modules. There is also a GUI application, called nss-gui.


  • show all stored certificates in database cert8.db (see also Certificate Database Tool of Netscape Security Suite)
    certutil -L -d ~/.local/share/evolution
  • show all stored certificates on a (G&D StarSign) ElsterStick
    certutil -L -d ~/.local/share/evolution -h "ElsterStick 1.0"
  • add a new PKCS#11 module to database secmod.db (see also Security Module Database of Netscape Security Suite)
    modutil -add "StarSign USB Token" -libfile /usr/local/lib/ -dbdir ~/.local/share/evolution

    This also works for Firefox, using certutil -L -h “StarSign USB Token” -d ~/.mozilla/firefox/*.default, but requires the package libnss3-tools. The cryptographic modules should then be shown as for example in this figure.

Especially on CentOS you should start the PC/SC damon (pcscd) on system boot, and not driven by udev (configure for example using Gnome application system-config-services). This ensures Firefox is running properly also without a USB security stick plugged in.
  • to show all cryptographic modules use:
    modutil -list -dbdir .
linux/utilities/nss.txt · Last modified: 2020/12/24 16:58 by Ralf H.