No edit summary |
m (changed suggested location to ~/.pki/nssdb) |
Line 70: | Line 70: | ||
Now let's create a shared location in a separate directory. We'll move the files from the Firefox profile over to the shared location. We'll create symbolic links in order to enable NSS to find the files. | Now let's create a shared location in a separate directory. We'll move the files from the Firefox profile over to the shared location. We'll create symbolic links in order to enable NSS to find the files. | ||
mkdir ~/nssdb | mkdir ~/.pki/nssdb | ||
mv -i key4.db cert9.db ~/nssdb | mv -i key4.db cert9.db ~/.pki/nssdb | ||
ln -s ~/nssdb/key4.db . | ln -s ~/.pki/nssdb/key4.db . | ||
ln -s ~/nssdb/cert9.db . | ln -s ~/.pki/nssdb/cert9.db . | ||
Now we'll issue the certutil command that merges your Thunderbird certificate database into the shared database. | Now we'll issue the certutil command that merges your Thunderbird certificate database into the shared database. | ||
cd ~/.thunderbird/yourprofile | cd ~/.thunderbird/yourprofile | ||
certutil --merge -d ~/nssdb --source-dir . | certutil --merge -d ~/.pki/nssdb --source-dir . | ||
You must enter passwords as required. Wait until the merge completes. | You must enter passwords as required. Wait until the merge completes. | ||
rm key4.db cert9.db | rm key4.db cert9.db | ||
ln -s ~/nssdb/key4.db . | ln -s ~/.pki/nssdb/key4.db . | ||
ln -s ~/nssdb/cert9.db . | ln -s ~/.pki/nssdb/cert9.db . | ||
That's it. Start Firefox and Thunderbird as you wish, enjoy the shared db feature. But remember, you must always have the environment variable set, or the applications will use your old non-merged db. | That's it. Start Firefox and Thunderbird as you wish, enjoy the shared db feature. But remember, you must always have the environment variable set, or the applications will use your old non-merged db. | ||
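Review bot: The new `mkdir ~/.pki/nssdb` at the top of this hunk fails when `~/.pki` does not exist yet, a case the old `mkdir ~/nssdb` did not have, and it also errors when `~/.pki/nssdb` is already present. Suggest `mkdir -p ~/.pki/nssdb`, plus a sentence telling readers to check that directory for an existing `key4.db` or `cert9.db` before running `mv -i key4.db cert9.db ~/.pki/nssdb`, since answering yes to its prompt would replace a database that is already there. Because `key4.db` is the NSS key database, it is also worth stating that the directory should be accessible only to its owner, for example with `chmod 700 ~/.pki/nssdb`.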
Line 92: | Line 92: | ||
Please note that the shared database access is slower than the old one. It can be very slow when your files are stored on a remote file system, such as NFS. You should find a solution to have your files on your local system. | Please note that the shared database access is slower than the old one. It can be very slow when your files are stored on a remote file system, such as NFS. You should find a solution to have your files on your local system. | ||
The above example uses a directory named ~/nssdb. | The above example uses a directory named ~/.pki/nssdb. | ||
Usually Mozilla applications use a random component for the directory name. Should a web application ever have an exploit that allows to access/read files with known names from a user's system, having the salt component is an additional security measure to makes exploiting harder. Therefore, instead of using the name nssdb, it would be reasonable to use a non-predictable directory name like ~/nssdb_random9384. | Usually Mozilla applications use a random component for the directory name. Should a web application ever have an exploit that allows to access/read files with known names from a user's system, having the salt component is an additional security measure to makes exploiting harder. Therefore, instead of using the name nssdb, it would be reasonable to use a non-predictable directory name like ~/.pki/nssdb_random9384. |
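Review bot: In the last paragraph of this hunk, the advice to prefer a non-predictable directory name now sits directly under an example that uses the fixed path `~/.pki/nssdb`, and the suggested `~/.pki/nssdb_random9384` only varies the final component. Suggest stating explicitly whether readers should follow the fixed example path or the randomized one, and using that same path in the commands of the earlier section, so the walkthrough and this recommendation do not contradict each other. While this paragraph is being touched, "to makes exploiting harder" should read "to make exploitation harder" and "allows to access/read files" should read "allows reading files".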