Re: JSS not finding built in CA certificates on Linux

Mon, 27 Oct 2008 10:28:34 -0700 

hi,
The Root Cert are stored in the PKCS #11 module that is loaded from the library libnssckbi.so. The default location for libnssckbi.so is the same directory with your NSS databases cert8.db, key3.db, and secmod.db. It's 
best to just copy libnssckbi. so to this directory with your NSS databases.
The location of libnssckbi.so can be checked/(changed with modutil) by cd'ng to your db directory and doing "modutil -list -dbdir ." 

[EMAIL PROTECTED]:~/tip/mozilla/tests_results/jss/Macintosh-2.local.1] ls
key3.db  secmod.db cert8.db libnssckbi.dylib
[EMAIL PROTECTED]:~/tip/mozilla/tests_results/jss/Macintosh-2.local.1] modutil -list -dbdir . 

Listing of PKCS #11 Modules
-----------------------------------------------------------
 1. NSS Internal PKCS #11 Module
    slots: 2 slots attached
   status: loaded

    slot: NSS Internal Cryptographic Services
   token: NSS Generic Crypto Services

    slot: NSS User Private Key and Certificate Services
   token: NSS Certificate DB

 2. Root Certs
library name: /Users/b/tip/mozilla/tests_results/jss/Macintosh-2.local.1/libnssckbi.dylib 
    slots: 1 slot attached
   status: loaded

    slot: NSS Builtin Objects
   token: Builtin Object Token
-----------------------------------------------------------

have a good day,

glen



-glen


Dean wrote:

I've installed JSS on RedHat Linux and while it runs, it does not seem
able to find any of the built-in Ca certificates.

As I unserstand it these certificates are in libnssckbi.so.  I have
checked to make sure this library is in the same directory with all
the other JSS, NSS and NSPR libraries and it is.

I wrote a simple program to call
  cryptoManager.getCACerts();

On my Linux box it is returning an empty X509Certificate[].  On
Windows I get the expected array of size 103.

I've tried setting LD_LIBRARY_PATH to the directory with all the
shared libraries and that did not help.  As a kind of weird sanity
check, I moved the libjss4.so file out of the libraries directory and
got the expected invocation errors due to a missing library.

Moving libnssckbi.so out of the library directory did not actually
cause any additional errors.  I would still just get back the empty
array.

I'm sure I'm doing something really stupid ... but any help would be
appreciated.

Thanks

...Dean...

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto


_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to