path: root/security/nss/lib/ckfw/builtins/README
author: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
committer: Matt A. Tobin <mattatobin@localhost.localdomain> 2018-02-02 04:16:08 -0500
commit: 5f8de423f190bbb79a62f804151bc24824fa32d8
tree: 10027f336435511475e392454359edea8e25895d /security/nss/lib/ckfw/builtins/README
parent: 49ee0794b5d912db1f95dce6eb52d781dc210db5
Add m-esr52 at 52.6.0
Diffstat (limited to 'security/nss/lib/ckfw/builtins/README')
-rw-r--r-- security/nss/lib/ckfw/builtins/README 45
1 files changed, 45 insertions, 0 deletions
diff --git a/security/nss/lib/ckfw/builtins/README b/security/nss/lib/ckfw/builtins/README
new file mode 100644
index 000000000..fc0393c38
--- /dev/null
+++ b/security/nss/lib/ckfw/builtins/README
@@ -0,0 +1,45 @@
+This README file explains how to add a builtin root CA certificate to NSS
+or remove a builtin root CA certificate from NSS.
+
+The builtin root CA certificates in NSS are stored in the nssckbi PKCS #11
+module. The sources to the nssckbi module are in this directory.
+
+I. Adding a Builtin Root CA Certificate
+
+You need to use the addbuiltin command-line tool to add a root CA certificate
+to the nssckbi module. In the procedure described below, we assume that the
+new root CA certificate is distributed in DER format in the file newroot.der.
+
+1. Add the directory where the addbuiltin executable resides to your PATH
+environment variable. Then, add the directory where the NSPR and NSS shared
+libraries (DLLs) reside to the platform-specific environment variable that
+specifies your shared library search path: LD_LIBRARY_PATH (most Unix
+variants), SHLIB_PATH (32-bit HP-UX), LIBPATH (AIX), or PATH (Windows).
+
+2. Copy newroot.der to this directory.
+
+3. In this directory, run addbuiltin to add the new root certificate. The
+argument to the -n option should be replaced by the nickname of the root
+certificate.
+
+ % addbuiltin -n "Nickname of the Root Certificate" -t C,C,C < newroot.der >> certdata.txt
+
+4. Edit nssckbi.h to bump the version of the module.
+
+5. Run gmake in this directory to build the nssckbi module.
+
+6. After you verify that the new nssckbi module is correct, check in
+certdata.txt and nssckbi.h.
+
+II. Removing a Builtin Root CA Certificate
+
+1. Change directory to this directory.
+
+2. Edit certdata.txt and remove the root CA certificate.
+
+3. Edit nssckbi.h to bump the version of the module.
+
+4. Run gmake in this directory to build the nssckbi module.
+
+5. After you verify that the new nssckbi module is correct, check in
+certdata.txt and nssckbi.h.
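Review bot: step 3 of section I appends the addbuiltin output to certdata.txt with trust flags C,C,C, but no earlier step checks that newroot.der is the certificate the CA actually published. Suggest adding a step before step 3 that compares the fingerprint of newroot.der with a value obtained from the CA through a separate channel, because everything built from certdata.txt afterwards carries that trust. Step 3 also redirects with ">>", so running it a second time would append the same entry again; a short warning or a check for an existing entry with that nickname would help. Step 6 of section I and step 5 of section II both say "verify that the new nssckbi module is correct" without naming what to check; stating the check (the new nickname and its trust are present, or the removed root is gone) would make the step reviewable. Section II step 2 says only "remove the root CA certificate" and does not say which entries in certdata.txt belong to one root, so a partial removal is easy to make; describe what must be deleted together.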