First, import your certificate into the GNOME keyring with:
gnome-keyring import /path/to/certificate.p12
Now exit every application you can, particularly your browser and mail client. Kill evolution-data-server too.
Find all instances of the nss security module database on your homedir, and for each one (a) test to make sure it's not open and (b) install the gnome-keyring PKCS#11 provider in it. The following shell script snippet will do this for you. Just copy and paste it onto your command line:
for f in $(find . -maxdepth 5 -name secmod.db -type f 2>/dev/null ); do echo "Testing: `basename $f`" if fuser `dirname $f`/cert8.db >&/dev/null; then echo -n "In use by: "; fuser `dirname $f`/cert8.db; echo " - Skipping" else modutil -force -dbdir `dirname $f` -add GnomeKeyring \ -libfile /usr/lib/gnome-keyring/gnome-keyring-pkcs11.so fi done
Now all your NSS-based apps should know about gnome-keyring and use the gnome-keyring certificate store.
If you use Evolution and want client certificate support, patch evolution-data-server as per GNOME bug 270893 to enable that too. It'll use gnome-keyring automatically.
Post a Comment
Captchas suck. Bots suck more. Sorry.