Questions tagged [nss]

Network Security Services (NSS) is a set of libraries designed and maintained by Mozilla to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.

169 questions
39 votes, 2 answers

What is the difference between a PKCS12 keystore and a PKCS11 keystore?

I'm interested in Java-NSS libraries, and I'm reading the Sun's P11 Guide. I am confused on the following: What is the difference between using a PKCS12 keystore and a PKCS11 keystore? A keystore is just a keystore, right? Are there some…
Cratylus
32 votes, 11 answers

cURL not working (Error #77) for SSL connections on CentOS for non-root users

Just recently my server has stopped working for curl requests to https:// addresses for my web server. Having dug around a little it appears that it's a problem with the user the webserver is running. If I SSH onto the server as root & call curl -I…
TobyG
17 votes, 2 answers

How to create a certificate chain using keytool?

I want to create certificate chain in Java as follows: ca.mycompany.com |--asia.mycompany.com |--india.mycompany.com where ca.mycompany.com is a root certificate (self signed). I know this is possible with OpenSSL. But is it possible to…
Tamal Kanti Nath
13 votes, 1 answer

Adding a Service to Name Service Switch

So I am trying to add a service to NSS (Name Service Switch). Please note the GNU guide on how to do it here. I have been following that guide. I need to implement a service that works with the passwd database. The problem I am having is my module…
David Mokon Bond
12 votes, 4 answers

certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format

I had downloaded a verified (not self-signed) S/MIME certificate with Iceweasel (Firefox) which was stored in cert8.db. Then I used: certutil -L -d in order to list the certificates, and then I extracted the…
stelios
12 votes, 4 answers

PHP Curl (with NSS) is probably using SSLv3 instead of TLS when connecting to https

I'm using curl library (with NSS) in PHP to connect to my other server. Everything was fine until last week, when the destination server stopped supporting SSLv3 due to the POODLE vulnerability (CloudFlare by the way). Now, I'm trying to make connection…
Lapak
11 votes, 1 answer

using getaddrinfo() only checks nscd cache first time if DNS times out

If I get an initial "Name or service not known" (EAI_NONAME), the next call to getaddrinfo() seems to go straight to the dns instead of checking the cache first (nscd logs show no lookup attempts, tcpdump shows traffic to DNS server). If the first…
colin.mc
9 votes, 1 answer

Error: Can't access lexical declaration

let textBytes = ctypes.uint8_t("hello"); let a = new SECItem; a.type = siBuffer; a.data = textBytes.address(); a.len = textBytes.length; I got ReferenceError: can't access lexical declaration textBytes before initialization.
Nona Haron
8 votes, 1 answer

java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available, Trying to Enable FIPS mode using SUNPKCS11 in java 11

I'm trying to enable FIPS mode using SUNPKCS11 with NSS in Java 11. I got this exception java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available. When I tried to enable FIPS in Java 8 it works fine but doing the same in Java 11 throws…
N V
8 votes, 1 answer

SSL certificate generated with OpenSSL not working on NSS

I have an SSL certificate (key.pem, cacert.pem, pcert.pem) generated with OpenSSL on a Linux Mint machine. Now I'm trying to move my application to another server where Fedora 18 with NSS is installed. cURL is returning this error: unable to load…
0x3d
7 votes, 1 answer

TLS handshake fails between a Java 1.8 client and a Java 1.7 TLS 1.1 server running in FIPS mode, even after disabling TLS 1.2 in the client side

The SSL / TLS handshake between a "Java 1.7 TLS 1.1 server" and a "Java 1.8 client" fails in my environment with the following exception on the server side: java.security.NoSuchAlgorithmException: no such algorithm: SunTls12MasterSecret for…
Sanjay Bhat
6 votes, 1 answer

NSS/JSS: load user imported cert along with PKCS#11 smartcard in Java

Scenario: I am working on a Java Swing project, where I must develop a feature of listing certificates for users to choose for authentication via SSL against the server. These certificates must contain the user imported ones in Firefox, and if a…
WesternGun
5 votes, 3 answers

validating X.509 certificate on linux

I have just started working with X.509 certificates. Can anyone tell me how to go about validating a certificate on Linux? The use case is that my app had downloaded a certificate in a previous session and I have to check if it is still valid…
341008
5 votes, 4 answers

How to add ciphers to curl in php?

I am trying to use php curl to connect to a site, but get the error "no common encryption algorithm". Further investigation, and I think this has something to do with NSS? I've discovered that from the command line, I can reproduce the error (so the…
Benubird
5 votes, 1 answer

FIPS compliant SSH library for Java

I want to implement SCP (Secure Copy) functionality in my Java application to copy a file from the SSH server to another machine. My Java application must be FIPS compliant and hence it uses SunPKCS11 provider to interface with the underlying NSS…
Sanjay Bhat