Enhancement #2248

Store root server certificate in NSS database

Added by Davide Principi almost 8 years ago. Updated almost 8 years ago.

Status:CLOSEDStart date:09/25/2013
Priority:NormalDue date:09/25/2013
Assignee:-% Done:

100%

Category:nethserver-base
Target version:v6.4-beta2
Resolution: NEEDINFO:No

Description

Some applications (see #1957) use Mozilla NSS database to store certificates and private keys.

The self-signed certificate, generated by certificate-update event must be stored into multiple NSS databases.

Related issues

Related to NethServer 6 - Feature #1957: VPN: support IPsec/L2TP CLOSED 09/17/2013 09/20/2013

Associated revisions

Revision 87f2672b
Added by Davide Principi almost 8 years ago

nethserver-base-synchronize-nssdb: generic action that loads /etc/pki/tls/*/NSRV.{key,crt} into the given NSS db path (/etc/pki/nssdb by default). Refs #2248

History

#1 Updated by Davide Principi almost 8 years ago

Background informations about NSS are available from FedoraProject:

https://fedoraproject.org/wiki/FedoraCryptoConsolidation

#2 Updated by Davide Principi almost 8 years ago

  • Status changed from TRIAGED to ON_DEV
  • % Done changed from 20 to 30

#3 Updated by Davide Principi almost 8 years ago

  • Assignee set to Davide Principi

#4 Updated by Davide Principi almost 8 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

QA Note
Only a new script has been added to this package. To test it execute QA on #1957.

#5 Updated by Davide Principi almost 8 years ago

In nethserver-testing:
nethserver-base-1.4.1-10.0git148d5133.ns6.noarch

#6 Updated by Davide Principi almost 8 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

#7 Updated by Giacomo Sanchietti almost 8 years ago

  • Assignee set to Giacomo Sanchietti

#8 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

IPSsec daemon uses NSS database in /etc/ipsec.d directory.
Certificate is correctly managed (from /var/log/messages): 

Oct 16 10:28:05 fw esmith::event[24843]: Running event handler: /etc/e-smith/events/nethserver-ipsec-update/S30nethserver-ipsec-synchronize-nssdb
Oct 16 10:28:05 fw esmith::event[24843]: pk12util: PKCS12 IMPORT SUCCESSFUL

Marking as VERIFIED.

#9 Updated by Giacomo Sanchietti almost 8 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
In nethserver-updates:
  • nethserver-base-1.4.3

Also available in: Atom PDF