
Add new client certificate to NSS db


I am working on CentOS, and I have NSS 3.19.1.

I am trying to add a client certificate with an RSA private key to the NSS database.

I'm working inside of /etc/pki/nssdb, and it has the contents:

cert8.db
cert9.db
key3.db
key4.db
pkcs11.txt
secmod.db

I know the cert8, key3, and secmod are the old formats for the db.

But whatever command I run, I either get:

SEC_ERROR_BAD_DATABASE

or

SEC_ERROR_LEGACY_DATABASE

I thought I had the updated database with the cert9, key4, and pkcs11 files.

Can anyone help with this issue?


Solution

    1. If a secmod.db contains no modules, the SEC_ERROR_LEGACY_DATABASE error also occurs. It's very tricky because the error message has nothing to do with the real cause. I see it as a bug.

    So, add a module to the secmod.db first.

    modutil -add "some name" -libfile some_so_file_to_load -dbdir "/the/dir/where/the/secmod/is/located/" -secmod secmod.db

    -dbdir accepts one directory as a proper value. Don't go deeper to the file itself.

    2. If this also fails, check your permissions on the file secmod.db. In my case, it fails because I don't have write permission. Running chown as root may fix it.

    So, try this:

    sudo -s
    chown your_user_name /the/secmod/dir/secmod.db

    3. Then, try to add the module and run modutil -list to check if it's added.

    4. At last, add your certificate to it. It will work. The extension of the db file has nothing to do with it.
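
A read-only check to run before the modutil steps above, added here as an example and not part of the original answer: it reports which database format the files in a directory belong to and which of them the current user cannot write. The function names are hypothetical; `sql:` and `dbm:` are the NSS directory prefixes for the new (cert9/key4/pkcs11.txt) and legacy (cert8/key3/secmod) formats.

```shell
#!/bin/sh
# Added example: inspect an NSS database directory without modifying it.
# Function names are hypothetical; file names are those listed in the question.

# Print "dbm" (cert8/key3/secmod), "sql" (cert9/key4/pkcs11.txt), "both" or "none".
nssdb_format() {
    dir=$1; legacy=no; shared=no
    [ -f "$dir/cert8.db" ] && [ -f "$dir/key3.db" ] && [ -f "$dir/secmod.db" ] && legacy=yes
    [ -f "$dir/cert9.db" ] && [ -f "$dir/key4.db" ] && [ -f "$dir/pkcs11.txt" ] && shared=yes
    case "$legacy/$shared" in
        yes/yes) echo both ;;
        yes/no)  echo dbm ;;
        no/yes)  echo sql ;;
        *)       echo none ;;
    esac
}

# Print every database file in the directory that the current user cannot write.
nssdb_unwritable() {
    dir=$1
    for f in cert8.db key3.db secmod.db cert9.db key4.db pkcs11.txt; do
        if [ -e "$dir/$f" ] && [ ! -w "$dir/$f" ]; then echo "$f"; fi
    done
}

# Summarise both checks; the directory prefix selects the format NSS tools open.
nssdb_report() {
    dir=$1
    fmt=$(nssdb_format "$dir")
    case "$fmt" in
        both) echo "$dir: both formats present; pass sql:$dir or dbm:$dir explicitly" ;;
        sql)  echo "$dir: new format only; pass sql:$dir as the database directory" ;;
        dbm)  echo "$dir: legacy format only; pass dbm:$dir as the database directory" ;;
        none) echo "$dir: no complete NSS database found" ;;
    esac
    for f in $(nssdb_unwritable "$dir"); do
        echo "not writable by $(id -un): $dir/$f"
    done
}

# Run the report when a directory is given, e.g. ./nssdb_check.sh /etc/pki/nssdb
if [ -n "${1:-}" ]; then nssdb_report "$1"; fi
```

A directory like the one in the question, which holds both sets of files, is reported as `both`, so the prefix has to be chosen explicitly.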