RE: Coolkey and OpenSSL Engines



> I don't see how I would get NSS to work with Coolkey to access my CAC 
> token, is that possible?  Can you provide some links to any 
> documentation?

Oh, that's not hard. NSS's forte hasn't been documentation though, in my
experience. You can make a new NSS database like "mkdir /my/nssdb/dir;
certutil -N -d /my/nssdb/dir", then add the coolkey module to it like
"modutil -add any_funky_name_i_want -libfile
/usr/lib64/pkcs11/ -dbdir /my/nssdb/dir". After doing
that, if I "signtool -L -d ." I can see the certificates on my CAC. Of
course, to do anything useful you may need to import the DoD root
certificates using certutil. All the programs I've mentioned are NSS
tools, and on my RHEL 5 box, they're in the nss-tools package.

I've never used this stunnel thing, but I assume once you get it patched
properly it would need to know an NSS directory to use (the NSS tools
tend to default to $HOME/.netscape). This NSS directory has the
secmod.db in it, which is where the modutil notates that you've added
the Coolkey module. Then if you point stunnel at the NSS directory, it
might Just Work (tm), asking you for a PIN and then doing whatever it's
supposed to do. That's what signtool did for me.

Coolkey-devel mailing list
