Environment: CentOS 6.5
modutil parameters:
All commands are described in the tool's built-in help, which is easy to follow.
modutil (options) (arguments)
Usage: modutil [command] [options]

COMMANDS
---------------------------------------------------------------------------
-add MODULE_NAME                 Add the named module to the module database
   -libfile LIBRARY_FILE         The name of the file (.so or .dll)
                                 containing the implementation of PKCS #11
   [-ciphers CIPHER_LIST]        Enable the given ciphers on this module
   [-mechanisms MECHANISM_LIST]  Make the module a default provider of the
                                 given mechanisms
   [-string CONFIG_STRING]       Pass a configuration string to this module
-changepw TOKEN                  Change the password on the named token
   [-pwfile FILE]                The old password is in this file
   [-newpwfile FILE]             The new password is in this file
-chkfips [ true | false ]        If true, verify FIPS mode. If false,
                                 verify not FIPS mode
-create                          Create a new set of security databases
-default MODULE                  Make the given module a default provider
   -mechanisms MECHANISM_LIST    of the given mechanisms
   [-slot SLOT]                  limit change to only the given slot
-delete MODULE                   Remove the named module from the module
                                 database
-disable MODULE                  Disable the named module
   [-slot SLOT]                  Disable only the named slot on the module
-enable MODULE                   Enable the named module
   [-slot SLOT]                  Enable only the named slot on the module
-fips [ true | false ]           If true, enable FIPS mode. If false,
                                 disable FIPS mode
-force                           Do not run interactively
-jar JARFILE                     Install a PKCS #11 module from the given
                                 JAR file in the PKCS #11 JAR format
   -installdir DIR               Use DIR as the root directory of the
                                 installation
   [-tempdir DIR]                Use DIR as the temporary installation
                                 directory. If not specified, the current
                                 directory is used
-list [MODULE]                   Lists information about the specified module
                                 or about all modules if none is specified
-rawadd MODULESPEC               Add module spec string to secmod DB
-rawlist [MODULE]                Display module spec(s) for one or all
                                 loadable modules
-undefault MODULE                The given module is NOT a default provider
   -mechanisms MECHANISM_LIST    of the listed mechanisms
   [-slot SLOT]                  limit change to only the given slot
---------------------------------------------------------------------------

OPTIONS
---------------------------------------------------------------------------
-dbdir DIR                       Directory DIR contains the security databases
-dbprefix prefix                 Prefix for the security databases
-nocertdb                        Do not load certificate or key databases. No
                                 verification will be performed on JAR files.
-secmod secmodName               Name of the security modules file
---------------------------------------------------------------------------

Mechanism lists are colon-separated. The following mechanisms are recognized:
RSA, DSA, DH, RC2, RC4, RC5, AES, CAMELLIA, DES, MD2, MD5, SHA1, SHA256, SHA512,
SSL, TLS, RANDOM, and FRIENDLY

Cipher lists are colon-separated. The following ciphers are recognized:

Questions or bug reports should be sent to modutil-support@netscape.com.

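First, find the directory to register the module into:
find / -name cert8.db
This turns up several directories.
The one under /etc is the NSS directory.
The ones under users' home directories belong to Firefox.
Next, use modutil to register the PKCS #11 (p11) module.
Registering with Firefox:
Registration prompts for confirmation; -force registers directly without prompting. For the other parameters, see the usage listing at the start of this article.
# Must be run as the logged-in user rather than root; alternatively, specify the directory directly, using the find results above
profiledir=$(sed -n -e 's/^.*Path=//p' "${HOME}/.mozilla/firefox/profiles.ini" | head -n 1)
# MODULE_NAME can be any name you like; p11-library.so stands for your PKCS #11 library
modutil -dbdir "${HOME}/.mozilla/firefox/$profiledir" -force -add MODULE_NAME -libfile p11-library.so
Registering with NSS:
Simply replace /home/USERNAME/.mozilla/firefox/*.default with /etc/pki/nssdb.
Note: the directory must always point at the level above the db files, not directly at a *.db file.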
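
The registration steps above combined into one script, as an added example that is not from the original post. The function names are hypothetical, and the writable-library check is an extra precaution, added because NSS loads the registered .so into the process that opens the database. It assumes a relative Path= entry in profiles.ini and a cert8.db database, as on the system described here.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the profile directory named by the first Path= entry in profiles.ini.
# $1: Firefox directory (assumed default: ~/.mozilla/firefox).
# Assumes the Path= value is relative to that directory (IsRelative=1).
firefox_dbdir() {
    base=${1:-$HOME/.mozilla/firefox}
    p=$(sed -n -e 's/^Path=//p' "$base/profiles.ini" | head -n 1)
    [ -n "$p" ] && printf '%s/%s\n' "$base" "$p"
}

# -dbdir must name the directory that holds cert8.db, not the file itself.
# Accept either form and print the directory; fail if no cert8.db is there.
resolve_dbdir() {
    d=$1
    case "$d" in
        *.db) d=$(dirname "$d") ;;
    esac
    [ -f "$d/cert8.db" ] && printf '%s\n' "$d"
}

# The registered .so is loaded into every process that opens this database,
# so reject a library that is missing or writable by group or others.
lib_is_safe() {
    [ -f "$1" ] || return 1
    [ -z "$(find -L "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# usage: register_p11 DBDIR_OR_DBFILE MODULE_NAME LIBFILE
register_p11() {
    dbdir=$(resolve_dbdir "$1") || { echo "no cert8.db under $1" >&2; return 1; }
    lib_is_safe "$3" || { echo "refusing $3: missing or group/world-writable" >&2; return 1; }
    modutil -dbdir "$dbdir" -force -add "$2" -libfile "$3" &&
        modutil -dbdir "$dbdir" -list "$2"   # show what was actually recorded
}

# Run only when called with three arguments, e.g.
#   sh register_p11.sh "$(firefox_dbdir)" MODULE_NAME /path/to/p11-library.so
if [ "$#" -eq 3 ]; then
    register_p11 "$@"
fi
```

For the system-wide NSS database, pass /etc/pki/nssdb as the first argument instead of the Firefox profile directory.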