What's in the /etc/pki/nssdb database?

Question

So, these files aren't empty...

[ root@localhost ] # ls -l
total 248
-rw-r--r--. 1 root root 65536 Jan 12  2010 cert8.db
-rw-r--r--. 1 root root 65536 Dec 23  2013 cert8.db.orig
-rw-r--r--. 1 root root  9216 Jan 12  2010 cert9.db
-rw-r--r--. 1 root root  9216 Dec 23  2013 cert9.db.orig
-rw-r--r--. 1 root root 16384 Jan 12  2010 key3.db
-rw-r--r--. 1 root root 16384 Dec 23  2013 key3.db.orig
-rw-r--r--. 1 root root 11264 Jan 12  2010 key4.db
-rw-r--r--. 1 root root 11264 Dec 23  2013 key4.db.orig
-rw-r--r--. 1 root root   451 Jul  8 10:10 pkcs11.txt
-rw-r--r--. 1 root root   451 Dec 23  2013 pkcs11.txt.orig
-rw-r--r--. 1 root root 16384 Jan 12  2010 secmod.db
-rw-r--r--. 1 root root 16384 Dec 23  2013 secmod.db.orig

However, certutil doesn't tell me anything:

[ root@localhost ] # certutil -L -d /etc/pki/nssdb

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI


[ root@localhost ] # certutil -K -d /etc/pki/nssdb
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
certutil: no keys found

I'm working on setting up RHDS9 to run under SSL. Should I try to use the /etc/pki/nssdb database, or create my own? I can't really answer that without knowing what's already there...

(And, if you say "roll your own," I still want to know what's in there, and why I see file sizes of 2^14 and 2^16 exactly.)

Check out these links: http://www.linuxsysadmintutorials.com/extract-pem-certificates-and-keys-from-a-shared-nss-db/ & https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools — slm, Aug 25 '14 at 05:05

What's in the /etc/pki/nssdb database?

0 Answers0