Difference between revisions of "Network Security Services"

From ArchWiki
Jump to: navigation, search
(Created page with "Category:Internet and Email (English) == Introduction == Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enab...")
 
m (Moved to category "internet applications")
Line 1: Line 1:
[[Category:Internet and Email (English)]]
+
[[Category:Internet Applications (English)]]
 +
 
 
== Introduction ==
 
== Introduction ==
 +
 
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
 
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
  

Revision as of 11:40, 10 April 2011


Introduction

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

Certificate management

List

For list all certificates:

certutil -d sql:$HOME/.pki/nssdb -L

For list details of a certificate:

certutil -d sql:$HOME/.pki/nssdb -L -n <certificate nickname>

Add

To add a certificate use:

certutil -d sql:$HOME/.pki/nssdb -A -t <TRUSTARGS> -n <certificate nickname> -i <certificate filename>

The TRUSTARGS are three strings of zero or more alphabetic characters, separated by commas. They define how the certificate should be trusted for SSL, email, and object signing, and are explained in the certutil docs or Meena's blog post on trust flags.

To add a personal certificate and private key for SSL client authentication use the command:

pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12

This will import a personal certificate and private key stored in a PKCS #12 file. The TRUSTARGS of the personal certificate will be set to "u,u,u".

Edit

certutil -d sql:$HOME/.pki/nssdb -M -t <TRUSTARGS> -n <certificate nickname>

Delete

certutil -d sql:$HOME/.pki/nssdb -D -n <certificate nickname>

Links and References