How to import ca-certificates to global NSS db?

asked 2014-02-14 03:57:53 -0500

faux gravatar image

I read in the Fedora wiki that there exists something like a shared CA store between OpenSSL, NSS, GnuTLS, etc. I want to use NSS to connect to a server with a valid certificate (i.e. signed by a CA in the ca-certificates list), but the client always mentions that the certificate is not trusted.

I use /etc/pki/nssdb as my NSS database, but even libnssckbi.so.x86_64 links to /usr/lib64/pkcs11/p11-kit-trust.so (which is responsible for the CA store "sharing" to work, according to the wiki entry), no certificates are listed in that store when querying with certutil.

Is there a manual import required to pull the ca-certificates into that NSS db, or am I just using the wrong db?

edit retag flag offensive close merge delete