gecko-dev/security/nss/lib/ckfw/builtins
Kai Engert 272a11b589 Bug 528277, Release NSS 3.12.4 + new roots to Mozilla
approval-1.9.2=johnath (comment 3)
2009-12-04 07:04:06 +01:00
anchor.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
bfind.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
binst.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
bobject.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
bsession.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
bslot.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
btoken.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
builtins.h Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
certdata.c Bug 528277, Release NSS 3.12.4 + new roots to Mozilla 2009-12-04 07:04:06 +01:00
certdata.perl Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
certdata.txt Bug 528277, Release NSS 3.12.4 + new roots to Mozilla 2009-12-04 07:04:06 +01:00
ckbiver.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
config.mk Bug 504080: Update NSS from NSS_3_12_4_FIPS1_WITH_CKBI_1_75 to 2009-07-28 17:01:39 -07:00
constants.c Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
Makefile Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
manifest.mn Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
nssckbi.def Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
nssckbi.h Bug 528277, Release NSS 3.12.4 + new roots to Mozilla 2009-12-04 07:04:06 +01:00
nssckbi.rc Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00
README Import NSS_3_12_RC4 2008-06-06 08:40:11 -04:00

This README file explains how to add a builtin root CA certificate to NSS
or remove a builtin root CA certificate from NSS.

The builtin root CA certificates in NSS are stored in the nssckbi PKCS #11
module. The sources to the nssckbi module are in this directory.

I. Adding a Builtin Root CA Certificate

You need to use the addbuiltin command-line tool to add a root CA certificate
to the nssckbi module. In the procedure described below, we assume that the
new root CA certificate is distributed in DER format in the file newroot.der.

1. Add the directory where the addbuiltin executable resides to your PATH
environment variable. Then, add the directory where the NSPR and NSS shared
libraries (DLLs) reside to the platform-specific environment variable that
specifies your shared library search path: LD_LIBRARY_PATH (most Unix
variants), SHLIB_PATH (32-bit HP-UX), LIBPATH (AIX), or PATH (Windows).

2. Copy newroot.der to this directory.

3. In this directory, run addbuiltin to add the new root certificate. The
argument to the -n option should be replaced by the nickname of the root
certificate. Then run "gmake generate".

    % addbuiltin -n "Nickname of the Root Certificate" -t C,C,C < newroot.der >> certdata.txt
    % gmake generate

4. Edit nssckbi.h to bump the version of the module.

5. Run gmake in this directory to build the nssckbi module.

6. After you verify that the new nssckbi module is correct, check in
certdata.txt, certdata.c, and nssckbi.h.
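
One way to do part of the verification in step 6 before checking in, as an added example that is not part of the NSS sources: it parses certdata.txt and confirms that the bytes of newroot.der appear exactly once, under the intended nickname (running the ">>" append in step 3 twice would leave a duplicate). The certdata.txt object layout it assumes (CKA_CLASS, CKA_LABEL and "CKA_VALUE MULTILINE_OCTAL ... END" lines) is not shown in this README; the function names are hypothetical and the sample entry is constructed, not a real certificate.

```python
import re

OCTAL = re.compile(r"\\([0-7]{3})")
# Constructed sample in the assumed certdata.txt layout; not a real certificate.
SAMPLE = r'''
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Root CA"
CKA_SERIAL_NUMBER MULTILINE_OCTAL
\002\001\005
END
CKA_VALUE MULTILINE_OCTAL
\060\003\002
\001\005
END
'''
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])  # stands in for newroot.der

def parse_certs(text):
    """Return [(label, der_bytes)] for every CKO_CERTIFICATE object."""
    certs, cls, label, attr, buf = [], None, None, None, None
    for line in (l.strip() for l in text.splitlines()):
        if buf is not None:  # inside a MULTILINE_OCTAL value, up to END
            if line != "END":
                buf.extend(int(o, 8) for o in OCTAL.findall(line))
                continue
            if cls == "CKO_CERTIFICATE" and attr == "CKA_VALUE":
                certs.append((label, bytes(buf)))
            buf = None
            continue
        parts = line.split(None, 2)
        if len(parts) < 2 or line.startswith("#"):
            continue
        if parts[0] == "CKA_CLASS" and len(parts) == 3:
            cls, label = parts[2], None  # a CKA_CLASS line starts a new object
        elif parts[0] == "CKA_LABEL" and len(parts) == 3:
            label = parts[2].strip('"')
        elif parts[1] == "MULTILINE_OCTAL":
            attr, buf = parts[0], bytearray()
    return certs

def check_new_root(text, der, nickname):
    """Return a list of problems; empty means der appears once, under nickname."""
    labels = [lbl for lbl, val in parse_certs(text) if val == der]
    problems = [f"label {l!r} != {nickname!r}" for l in labels if l != nickname]
    if len(labels) != 1:
        problems.append(f"certificate present {len(labels)} times, expected 1")
    return problems
```

For real files, pass the text of certdata.txt and the bytes read from newroot.der to check_new_root, along with the nickname given to the -n option.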

II. Removing a Builtin Root CA Certificate

1. Change directory to this directory.

2. Edit certdata.txt and remove the root CA certificate.

3. Run "gmake generate".

4. Edit nssckbi.h to bump the version of the module.

5. Run gmake in this directory to build the nssckbi module.

6. After you verify that the new nssckbi module is correct, check in
certdata.txt, certdata.c, and nssckbi.h.