p11-kit-0.23.15
Installation of p11-kit
Prepare the distribution specific anchor hook:
sed '20,$ d' -i trust/trust-extract-compat.in &&
cat >> trust/trust-extract-compat.in << "EOF"
# Copy existing anchor modifications to /etc/ssl/local
/usr/libexec/make-ca/copy-trust-modifications
# Generate a new trust store
/usr/sbin/make-ca -f -g
EOF
Install p11-kit by running the
following commands:
./configure --prefix=/usr \
--sysconfdir=/etc \
--with-trust-paths=/etc/pki/anchors &&
make
To test the results, issue: make
check.
Now, as the root
user:
make install &&
ln -s /usr/libexec/p11-kit/trust-extract-compat \
/usr/bin/update-ca-certificates
Command Explanations
--with-trust-paths=/etc/pki/anchors
:
this switch sets the location of trusted certificates used by
libp11-kit.so.
--with-hash-impl=freebl
: Use this
switch if you want to use the Freebl library from NSS for SHA1 and MD5 hashing.
--enable-doc
: Use this switch if you
have installed GTK-Doc-1.29 and libxslt-1.1.33
and wish to rebuild the documentation and generate manual pages.
Configuring p11-kit
The p11-kit trust module
(/usr/lib/pkcs11/p11-kit-trust.so
)
can be used as a drop-in replacement for /usr/lib/libnssckbi.so
to transparently make the
system CAs available to NSS aware
applications, rather than the static list provided by /usr/lib/libnssckbi.so
. As the root
user, execute the following commands:
ln -sfv ./pkcs11/p11-kit-trust.so /usr/lib/libnssckbi.so
Contents
Installed Programs:
p11-kit and trust
Installed Libraries:
libp11-kit.so and p11-kit-proxy.so
Installed Directories:
/etc/pkcs11, /usr/include/p11-kit-1,
/usr/lib/{p11-kit,pkcs11}, /usr/share/gtk-doc/html/p11-kit, and
/usr/share/p11-kit
Short Descriptions
p11-kit
|
is a command line tool that can be used to perform
operations on PKCS#11 modules configured on the system.
|
trust
|
is a command line tool to examine and modify the shared
trust policy store.
|
update-ca-certificates
|
is a command line tool to both extract local certificates
from an upadated anchor store, and regenerate all anchors
and certificate stores on the system.
|
libp11-kit.so
|
contains functions used to coordinate initialization and
finalization of any PKCS#11 module.
|
p11-kit-proxy.so
|
is the PKCS#11 proxy module.
|
Last updated on 2019-02-24 13:00:49 -0800