Difference between revisions of "Network Security Services"

From ArchWiki
(recategorize)
(Added link to Russian version of the article; Some formatting improvements.)
Line 1: Line 1:
 +
[[ru:Network Security Services]]
 
[[Category:Internet applications]]
 
[[Category:Internet applications]]
Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
+
'''Network Security Services (NSS)''' is a set of libraries designed to support cross-platform development of security-enabled client and server applications.
  
==Certificate management==
+
Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
===List===
+
 
For list all certificates:
+
== Certificate management ==
certutil -d sql:$HOME/.pki/nssdb -L
+
 
For list details of a certificate:
+
=== List certificate DB ===
certutil -d sql:$HOME/.pki/nssdb -L -n <certificate nickname>
+
 
===Add===
+
To get list all certificates:
 +
{{bc|$ certutil -d sql:$HOME/.pki/nssdb -L}}
 +
 
 +
 
 +
To get details about certificate:
 +
{{bc|$ certutil -d sql:$HOME/.pki/nssdb -L -n ''<certificate nickname>''}}
 +
 
 +
=== Import certificate ===
 
To add a certificate use:
 
To add a certificate use:
certutil -d sql:$HOME/.pki/nssdb -A -t <TRUSTARGS> -n <certificate nickname> -i <certificate filename>
+
{{bc|$ certutil -d sql:$HOME/.pki/nssdb -A -t ''<TRUSTARGS>'' -n ''<certificate nickname>'' -i ''<certificate filename>''}}
 
The TRUSTARGS are three strings of zero or more alphabetic characters, separated by commas. They define how the certificate should be trusted for SSL, email, and object signing, and are explained in the certutil docs or Meena's blog post on trust flags.
 
The TRUSTARGS are three strings of zero or more alphabetic characters, separated by commas. They define how the certificate should be trusted for SSL, email, and object signing, and are explained in the certutil docs or Meena's blog post on trust flags.
  
 
To add a personal certificate and private key for SSL client authentication use the command:
 
To add a personal certificate and private key for SSL client authentication use the command:
pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12
+
{{bc|$ pk12util -d sql:$HOME/.pki/nssdb -i ''<PKCS12_file.p12>''}}
 
This will import a personal certificate and private key stored in a PKCS #12 file. The TRUSTARGS of the personal certificate will be set to "u,u,u".
 
This will import a personal certificate and private key stored in a PKCS #12 file. The TRUSTARGS of the personal certificate will be set to "u,u,u".
===Edit===
+
 
certutil -d sql:$HOME/.pki/nssdb -M -t <TRUSTARGS> -n <certificate nickname>
+
=== Edit certificate ===
===Delete===
+
 
certutil -d sql:$HOME/.pki/nssdb -D -n <certificate nickname>
+
{{bc|$ certutil -d sql:$HOME/.pki/nssdb -M -t ''<TRUSTARGS>'' -n ''<certificate nickname>''}}
==Links and References==
+
 
 +
=== Delete certificate ===
 +
 
 +
{{bc|$ certutil -d sql:$HOME/.pki/nssdb -D -n ''<certificate nickname>''}}
 +
 
 +
== Links and References ==
 +
 
 
* [http://www.mozilla.org/projects/security/pki/nss/ Network Security Services] on mozilla.org.
 
* [http://www.mozilla.org/projects/security/pki/nss/ Network Security Services] on mozilla.org.
 
* [http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html#1034193 Using the Certificate Database Tool] on mozilla.org.
 
* [http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html#1034193 Using the Certificate Database Tool] on mozilla.org.
 
* [http://code.google.com/p/chromium/wiki/LinuxCertManagement Certificate management] on Chromium help.
 
* [http://code.google.com/p/chromium/wiki/LinuxCertManagement Certificate management] on Chromium help.
 
* [http://blogs.oracle.com/meena/entry/notes_about_trust_flags Managing Certificate Trust flags in NSS Database] on Meena's blog.
 
* [http://blogs.oracle.com/meena/entry/notes_about_trust_flags Managing Certificate Trust flags in NSS Database] on Meena's blog.
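Review bot: the new "Edit certificate" and "Delete certificate" sections each hold only a {{bc|...}} command with no introductory sentence, unlike "List certificate DB" and "Import certificate". Add a one-line lead-in to each that says what the command does to the entry named by -n. The new lead-ins "To get list all certificates:" and "To get details about certificate:" also need a grammar pass, for example "To list all certificates:".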

Revision as of 20:41, 21 March 2014

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications.

Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

Certificate management

List certificate DB

To list all certificates:

$ certutil -d sql:$HOME/.pki/nssdb -L


To get details about a certificate:

$ certutil -d sql:$HOME/.pki/nssdb -L -n <certificate nickname>

Import certificate

To add a certificate use:

$ certutil -d sql:$HOME/.pki/nssdb -A -t <TRUSTARGS> -n <certificate nickname> -i <certificate filename>

The TRUSTARGS are three strings of zero or more alphabetic characters, separated by commas. They define how the certificate should be trusted for SSL, email, and object signing, and are explained in the certutil docs or Meena's blog post on trust flags.

To add a personal certificate and private key for SSL client authentication use the command:

$ pk12util -d sql:$HOME/.pki/nssdb -i <PKCS12_file.p12>

This will import a personal certificate and private key stored in a PKCS #12 file. The TRUSTARGS of the personal certificate will be set to "u,u,u".
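
One way to audit the trust flags described above, as an added example that is not part of the wiki page: it checks a TRUSTARGS string against the three-field shape and lists the entries of a certutil -L listing whose flags include C or T, which the certutil documentation defines as the trusted-CA flags. The function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit a certutil -L listing for
# entries that are trusted as CAs. Real use, with the page's database path:
#   certutil -d sql:$HOME/.pki/nssdb -L | trusted_cas

# valid_trustargs STRING: succeed if STRING is three comma-separated fields
# of zero or more alphabetic characters, e.g. "CT,C,C", "u,u,u" or ",,".
valid_trustargs() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$'
}

# trusted_cas: read a listing on stdin and print the nickname of every entry
# whose SSL, email or object-signing field contains C or T.
trusted_cas() {
    awk '{
        flags = $NF                      # trust attributes are the last field
        if (flags !~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/) next   # headers, blanks
        if (flags ~ /[CT]/) {
            nick = $0                    # nicknames may contain spaces
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)
            print nick
        }
    }'
}

# Constructed sample in the layout certutil -L prints (nicknames are made up).
sample_listing() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Internal Root CA                                     CT,C,C
mail.example.org                                             P,,
Alice Client Cert                                            u,u,u
Example Signing CA                                           ,,C
EOF
}

sample_listing | trusted_cas
```

Any nickname this prints that you did not import yourself as a CA is a candidate for review with the -M or -D commands below.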

Edit certificate

$ certutil -d sql:$HOME/.pki/nssdb -M -t <TRUSTARGS> -n <certificate nickname>

Delete certificate

$ certutil -d sql:$HOME/.pki/nssdb -D -n <certificate nickname>

Links and References