NSS Shared DB not working with SunPKCS11
21-06-2021
Question
I have configured NSS 3.12.4 to work with my Java program using the SunPKCS11 provider in FIPS mode and everything works great. Now I am following the steps mentioned in https://blogs.oracle.com/meena/entry/what_s_new_in_nss1 to make NSS work as a shared database.
When I configured NSS in shared DB mode, the secmod.db file gets replaced with pkcs11.txt as expected. But now SunPKCS11 fails to initialize, since there seems to be a check for secmod.db during initialization. I also tried prefixing configDir with sql:, but that also doesn't work.
I am getting the following exception.
Caused by: java.io.FileNotFoundException: /etc/nss/secmod.db
	at sun.security.pkcs11.Secmod.initialize(Secmod.java:181)
	at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:179)
Has anyone tried NSS shared DB with Java, or is there any way to work around this problem?
Solution
To get this to work for me I have taken two additional steps.
- Create an empty secmod.db using touch. The Java code is just checking that it exists; it doesn't actually use it.
- Set the default database type before starting the Java process: 'export NSS_DEFAULT_DB_TYPE=sql'
With these two changes I now have a server-side process using NSS to load its keys.
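
The two steps from the answer above, wrapped in a preflight check, as an added example that is not part of the original answer. The function name prepare_nss_dir and its exit codes are this example's own. The file names cert9.db and key4.db are the standard NSS shared-database files and are assumed here, since the page names only pkcs11.txt. The demo runs on a constructed temporary directory rather than /etc/nss.

```shell
#!/bin/sh
# Added example: prepare an NSS shared-DB directory so SunPKCS11 can start.
# prepare_nss_dir and its exit codes are hypothetical, not part of NSS or the JDK.

prepare_nss_dir() {
    dir=$1
    # Refuse to continue unless the directory really holds a shared (sql) database.
    for f in cert9.db key4.db pkcs11.txt; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing $dir/$f: not an NSS shared database" >&2
            return 2
        fi
    done
    if [ -e "$dir/secmod.db" ]; then
        # Never truncate a legacy module database that is already there.
        if [ -s "$dir/secmod.db" ]; then
            echo "note: non-empty secmod.db already present, left untouched" >&2
        fi
    else
        # Empty placeholder: per the answer, only its existence is checked.
        touch "$dir/secmod.db" || return 3
    fi
    # Must be present in the environment of the Java process itself.
    NSS_DEFAULT_DB_TYPE=sql
    export NSS_DEFAULT_DB_TYPE
    return 0
}

# Constructed demo: a throwaway directory standing in for the real config directory.
demo_dir=$(mktemp -d)
: > "$demo_dir/cert9.db"; : > "$demo_dir/key4.db"; : > "$demo_dir/pkcs11.txt"
prepare_nss_dir "$demo_dir" &&
    echo "ready: $demo_dir (NSS_DEFAULT_DB_TYPE=$NSS_DEFAULT_DB_TYPE)"
```

Call the function in the same shell that then launches Java, so the exported variable is inherited by the JVM.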