hi,
The Root Cert are stored in the PKCS #11 module that is loaded from the
library libnssckbi.so.
The default location for libnssckbi.so is the same directory with your
NSS databases cert8.db, key3.db, and secmod.db. It's
best to just copy libnssckbi. so to this directory with your NSS databases.
The location of libnssckbi.so can be checked/(changed with modutil) by
cd'ng to your db directory and doing "modutil -list -dbdir ."
[EMAIL PROTECTED]:~/tip/mozilla/tests_results/jss/Macintosh-2.local.1] ls
key3.db secmod.db cert8.db libnssckbi.dylib
[EMAIL PROTECTED]:~/tip/mozilla/tests_results/jss/Macintosh-2.local.1]
modutil -list -dbdir .
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded
slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services
slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB
2. Root Certs
library name:
/Users/b/tip/mozilla/tests_results/jss/Macintosh-2.local.1/libnssckbi.dylib
slots: 1 slot attached
status: loaded
slot: NSS Builtin Objects
token: Builtin Object Token
-----------------------------------------------------------
have a good day,
glen
-glen
Dean wrote:
I've installed JSS on RedHat Linux and while it runs, it does not seem
able to find any of the built-in Ca certificates.
As I unserstand it these certificates are in libnssckbi.so. I have
checked to make sure this library is in the same directory with all
the other JSS, NSS and NSPR libraries and it is.
I wrote a simple program to call
cryptoManager.getCACerts();
On my Linux box it is returning an empty X509Certificate[]. On
Windows I get the expected array of size 103.
I've tried setting LD_LIBRARY_PATH to the directory with all the
shared libraries and that did not help. As a kind of weird sanity
check, I moved the libjss4.so file out of the libraries directory and
got the expected invocation errors due to a missing library.
Moving libnssckbi.so out of the library directory did not actually
cause any additional errors. I would still just get back the empty
array.
I'm sure I'm doing something really stupid ... but any help would be
appreciated.
Thanks
...Dean...
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto