Type the following command to add the Solaris crypto framework to network security services (NSS) in the config directory
$ cd <install-dir>/<instance-dir>/lib/modutil -dbdir <install-dir>/<instance-dir>/config -nocertdb -add "scf" -libfile /usr/lib/libpkcs11.so -mechanisms RSA
Verify the registration using the following command:
$cd <install-dir>/<instance-dir>/lib/modutil -dbdir <install-dir>/<instance-dir>/config -nocertdb -list
Listing of PKCS #11 Modules 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB 2. scf library name: /usr/lib/libpkcs11.so slots: 1 slot attached status: loaded slot: Sun Crypto Softtoken token: Sun Software PKCS#11 softtoken 3. Root Certs library name: libnssckbi.so slots: There are no slots attached to this module status: Not loaded
For more information on creating server certificates, see Requesting a Certificate
If certificates exists in NSS database, you can export or import the certificates using the following pk12util command:
$pk12util -o server.pk12 -d . -n <server-cert>
$pk12util -i server.pk12 -d . -h "Sun Software PKCS#11 softtoken"
By default, certutil/pk12util searches the databases for cert8.db and key3.db. Add -P as the prefix for the Web Server, which uses the alternate names https-instance-hostname-cert8.db and https-instance-hostname-key3.db.