NSS
This chapter describes the certutil Network Security Service (NSS) certificate tool available in Oracle Linux and how to use it to create Certificate Signing Requests (CSRs), self-signed certificates, and privately owned CA certificates with NSS database files, which store certificates and private keys for applications.
NSS is a set of libraries designed to enable cross-platform development of security-enabled client and server applications. Applications built with NSS work with SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.
Before you can use certutil to manage certificates, CSRs, and keys, you must have access to the NSS database files. You can use the legacy security database files (cert8.db for certificates, key3.db for keys, and secmod.db for PKCS #11 module information) or the new SQLite database files (cert9.db for certificates, key4.db for keys, and pkcs11.txt for PKCS #11 modules). This section provides examples from the new database files.
You can also use the related pk12util command to export and import certificates and keys from a PKCS #12 file to an NSS database or the reverse.
To use certutil and pk12util, install the nss-tools package available in the Application Stream repository:
    sudo dnf install nss-tools
The following examples show how to use the certutil and pk12util commands.
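As an added example (not taken from the original chapter), the script below creates a new SQLite NSS database, a self-signed certificate and a CSR, and selects the right database for certutil's -d option from the file names described above. The function names, the nickname selfsigned-example, the subject, the password and the file names are constructed for illustration; the sql: and dbm: prefixes are certutil's database-type prefixes and are not shown on this page.

```shell
#!/bin/sh
# Added example. Function names, nickname, subject and passwords are constructed.

# Print the certutil -d argument for the NSS database in directory $1:
# "sql:DIR" for cert9.db/key4.db, "dbm:DIR" for legacy cert8.db/key3.db.
# Returns 1 if neither certificate/key pair is complete.
nss_db_arg() {
    dir=$1
    if [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ]; then
        printf 'sql:%s\n' "$dir"
    elif [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ]; then
        printf 'dbm:%s\n' "$dir"
    else
        return 1
    fi
}

# Create a SQLite database in $1 (password file $2), then a self-signed
# certificate and a PEM-encoded CSR for subject $3.
nss_bootstrap() {
    db=$1 pwfile=$2 subject=$3
    mkdir -p "$db" && chmod 700 "$db" || return 1
    noise=$(mktemp) || return 1
    head -c 64 /dev/urandom > "$noise"   # -z seed, avoids the keyboard prompt
    certutil -N -d "sql:$db" -f "$pwfile" &&
    certutil -S -d "sql:$db" -f "$pwfile" -z "$noise" \
        -n selfsigned-example -s "$subject" -x -t ",," \
        -k rsa -g 2048 -v 12 &&
    certutil -R -d "sql:$db" -f "$pwfile" -z "$noise" \
        -s "$subject" -k rsa -g 2048 -a -o "$db/example.csr"
    rc=$?
    rm -f "$noise"
    return "$rc"
}

# Demo with constructed values; runs only where nss-tools is installed.
if command -v certutil >/dev/null 2>&1; then
    demo=$(mktemp -d)
    (umask 077; printf 'Constructed-Passw0rd!\n' > "$demo/pw")
    nss_bootstrap "$demo/db" "$demo/pw" "CN=host.example.test" &&
        certutil -L -d "$(nss_db_arg "$demo/db")" ||
        echo "demo failed" >&2
    rm -rf "$demo"
fi
```

The self-signed certificate is stored with empty trust flags (-t ",,"), so nothing trusts it until an administrator sets trust explicitly.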
For more information, see the certutil(1) and pk12util(1) manual pages and the NSS open source project at https://firefox-source-docs.mozilla.org/security/nss/index.html.