Ignore:
Timestamp:
11/18/2016 07:13:46 AM (7 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
539dd69d
Parents:
1c929a6d
Message:

Introduce complete PKI seutp for CA Certificates page. Fixes #8507.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@17975 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:
1 edited

Legend:

Unmodified
Added
Removed

  • postlfs/security/nss.xml

    r1c929a6d r4a16903  
    104104    <bridgehead renderas="sect4">Recommended</bridgehead>
    105105    <para role="recommended">
    106       <xref linkend="sqlite"/>
     106      <xref linkend="sqlite"/> and <xref linkend="p11-kit"/> (runtime)
    107107    </para>
    108108
     
    204204      the system version of sqlite.
    205205    </para>
     206
     207  </sect2>
     208
     209  <sect2 role="configuration">
     210    <title>Configuring NSS</title>
     211
     212    <para>If <xref linkend="p11-kit"/> is installed,
     213    <filename>/usr/lib/libp11-kit.so</filename> can be used as a drop-in
     214    replacement for <filename>/usr/lib/libnssckbi.so</filename> to
     215    transparently make the system CAs available to
     216    <application>NSS</application> aware applications, rather than the static
     217    list provided by <filename>/usr/lib/libnssckbi.so</filename>. As the
     218    <systemitem class="username">root</systemitem> user, execute the following
     219    commands:</para>
     220
     221<screen role="root"><userinput>readlink /usr/lib/libnssckbi.so || \
     222mv -v /usr/lib/libnssckbi.so /usr/lib/libnssckbi.so.orig &amp;&amp;
     223ln -sfv libp11-kit.so /usr/lib/libnssckbi.so</userinput></screen>
     224
     225    <para>Additionally, for dependent applicaions that do not use the internal
     226    database (<filename>/usr/lib/libnssckbi.so</filename>), the
     227    <filename>make-ca.sh</filename> script, incldued on the
     228    <xref linkend="cacerts"/> page, will gernerate a system wide NSS DB.</para>
    206229
    207230  </sect2>
Note: See TracChangeset for help on using the changeset viewer.