> I don't see how I would get NSS to work with Coolkey to access my CAC > token, is that possible? Can you provide some links to any > documentation? Oh, that's not hard. NSS's forte hasn't been documentation though, in my experience. You can make a new NSS database like "mkdir /my/nssdb/dir; certutil -N -d /my/nssdb/dir", then add the coolkey module to it like "modutil -add any_funky_name_i_want -libfile /usr/lib64/pkcs11/libcoolkeypk11.so -dbdir /my/nssdb/dir". After doing that, if I "signtool -L -d ." I can see the certificates on my CAC. Of course, to do anything useful you may need to import the DoD root certificates using certutil. All the programs I've mentioned are NSS tools, and on my RHEL 5 box, they're in the nss-tools package. I've never used this stunnel thing, but I assume once you get it patched properly it would need to know an NSS directory to use (the NSS tools tend to default to $HOME/.netscape). This NSS directory has the secmod.db in it, which is where the modutil notates that you've added the Coolkey module. Then if you point stunnel at the NSS directory, it might Just Work (tm), asking you for a PIN and then doing whatever it's supposed to do. That's what signtool did for me. _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
