[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

RE: Coolkey and OpenSSL Engines



> I don't see how I would get NSS to work with Coolkey to access my CAC 
> token, is that possible?  Can you provide some links to any 
> documentation?

Oh, that's not hard. NSS's forte hasn't been documentation though, in my
experience. You can make a new NSS database like "mkdir /my/nssdb/dir;
certutil -N -d /my/nssdb/dir", then add the coolkey module to it like
"modutil -add any_funky_name_i_want -libfile
/usr/lib64/pkcs11/libcoolkeypk11.so -dbdir /my/nssdb/dir". After doing
that, if I "signtool -L -d ." I can see the certificates on my CAC. Of
course, to do anything useful you may need to import the DoD root
certificates using certutil. All the programs I've mentioned are NSS
tools, and on my RHEL 5 box, they're in the nss-tools package.

I've never used this stunnel thing, but I assume once you get it patched
properly it would need to know an NSS directory to use (the NSS tools
tend to default to $HOME/.netscape). This NSS directory has the
secmod.db in it, which is where the modutil notates that you've added
the Coolkey module. Then if you point stunnel at the NSS directory, it
might Just Work (tm), asking you for a PIN and then doing whatever it's
supposed to do. That's what signtool did for me.

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Home]     [Fedora Legacy List]     [Fedora Maintainers]     [Fedora Desktop]     [Red Hat 9 Bible]     [Fedora Bible]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]

Powered by Linux

Google
  Web www.spinics.net