Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

secmod.db(5) [centos man page]

SECMOD.DB(5)						     Network Security Services						      SECMOD.DB(5)

NAME

       secmod.db - Legacy NSS security modules database

DESCRIPTION

       secmod.db is an NSS security modules database.

       The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the
       PKCS #11 API which NSS uses as its Services Provider Interface.

       The command line utility modutil is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.

       For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new
       sqlite-based shared database format for certificate and key databases.

FILES

       /etc/pki/nssdb/secmod.db

SEE ALSO

       modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)

AUTHORS

       The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

       Authors: Elio Maldonado <emaldona@redhat.com>.

LICENSE

       Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at
       http://mozilla.org/MPL/2.0/.

nss 3.15.4							   17 June 2014 						      SECMOD.DB(5)

Check Out this Related Man Page

VFYCHAIN(1)							NSS Security Tools						       VFYCHAIN(1)

NAME

       vfychain_ - vfychain [options] [revocation options] certfile [[options] certfile] ...

SYNOPSIS

       vfychain

STATUS

       This documentation is still work in progress. Please contribute to the initial review in Mozilla NSS bug 836477[1]

DESCRIPTION

       The verification Tool, vfychain, verifies certificate chains.  modutil can add and delete PKCS #11 modules, change passwords on security
       databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default
       providers for cryptographic operations. This tool can also create certificate, key, and module security database files.

       The tasks associated with security module database management are part of a process that typically also involves managing key databases and
       certificate databases.

OPTIONS

       -a
	   the following certfile is base64 encoded

       -b  YYMMDDHHMMZ
	   Validate date (default: now)

       -d  directory
	   database directory

       -f
	   Enable cert fetching from AIA URL

       -o  oid
	   Set policy OID for cert validation(Format OID.1.2.3)

       -p
	   Use PKIX Library to validate certificate by calling:

	   * CERT_VerifyCertificate if specified once,

	   * CERT_PKIXVerifyCert if specified twice and more.

       -r
	   Following certfile is raw binary DER (default)

       -t
	   Following cert is explicitly trusted (overrides db trust)

       -u  usage
	   0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner,
	   10=OCSP responder, 11=Any CA

       -T
	   Trust both explicit trust anchors (-t) and the database. (Without this option, the default is to only trust certificates marked -t, if
	   there are any, or to trust the database if there are certificates marked -t.)

       -v
	   Verbose mode. Prints root cert subject(double the argument for whole root cert info)

       -w  password
	   Database password

       -W  pwfile
	   Password file

	   Revocation options for PKIX API (invoked with -pp options) is a collection of the following flags: [-g type [-h flags] [-m type [-s
	   flags]] ...] ...

	   Where:

       -g  test-type
	   Sets status checking test type. Possible values are "leaf" or "chain"

       -g  test type
	   Sets status checking test type. Possible values are "leaf" or "chain".

       -h  test flags
	   Sets revocation flags for the test type it follows. Possible flags: "testLocalInfoFirst" and "requireFreshInfo".

       -m  method type
	   Sets method type for the test type it follows. Possible types are "crl" and "ocsp".

       -s  method flags
	   Sets revocation flags for the method it follows. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and
	   "failIfNoInfo".

ADDITIONAL RESOURCES

       For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
       http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates directly to NSS code changes and releases.

       Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

       IRC: Freenode at #dogtag-pki

AUTHORS

       The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.

       Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

LICENSE

       Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at
       http://mozilla.org/MPL/2.0/.

NOTES

	1. Mozilla NSS bug 836477
	   https://bugzilla.mozilla.org/show_bug.cgi?id=836477

nss-tools							 12 November 2013						       VFYCHAIN(1)
Man Page