NSS Shared DB Howto

Revision as of 23:36, 4 August 2008 by Kaie (initial version)

This document explains how to manually enable the shared DB feature in Mozilla applications.

It requires that all applications use NSS 3.12 (final) or later, which is shipped as part of Firefox 3.

It requires the use of NSS' certutil command line tool.


If you'd like to share data between Firefox 3 and Thunderbird 2, you must ensure that Thunderbird 2 does not use the old NSS library that came with it.

Ensuring a common NSS library is easy on operating systems that install NSS as a system package. Such systems usually ship the Firefox and Thunderbird applications without an additional copy of NSS.

On Linux/Unix/OSX based systems you should be able to simply replace old NSS libraries with newer ones.

On Microsoft Windows operating systems this might not work. For example, Thunderbird 2 and Firefox 3 link against different versions of the C runtime libraries and use different memory allocation libraries. Trying to use Thunderbird 2 with the NSS libraries that come as part of Firefox 3 is not advised and will result in random crashes.


Here are step-by-step instructions. They assume that you are running on a Linux/Unix/OSX system with a bash-style shell, that you have ensured both applications use a common NSS library as described above, and that you have obtained the certutil tool from NSS version 3.12.


Set environment variable NSS_DEFAULT_DB_TYPE to value "sql". You must ensure this environment variable is set when executing any of the thunderbird/firefox/certutil commands below.

You can do this by adding the following line to your ~/.bashrc file:

 export NSS_DEFAULT_DB_TYPE="sql" 

Or, if you use a csh-style shell, by adding the following line to your ~/.cshrc file:

 setenv NSS_DEFAULT_DB_TYPE "sql" 

Then log out and log back in to your OS session. Now open a terminal.

 cd ~/.thunderbird/yourprofile
 ls *.db

This directory should contain key3.db and cert8.db files, but no key4.db and no cert9.db files.

 mkdir backup-db
 cp *.db backup-db

Start Thunderbird. Access security features, e.g. open the certificate manager. Wait while your certificate database gets converted (the UI stalls during this). Quit Thunderbird.

 ls *.db

Now you should have files key4.db and cert9.db.

 cd ~/.mozilla/firefox/yourprofile
 ls *.db

This directory should contain key3.db and cert8.db files, but no key4.db and no cert9.db files.

 mkdir backup-db
 cp *.db backup-db

Start Firefox. Access security features, e.g. open the certificate manager. Wait while your certificate database gets converted (the UI stalls during this). Quit Firefox.

 ls *.db

Now you should have files key4.db and cert9.db.

While still in the Firefox profile directory:

 mkdir ~/nssdb
 mv -i key4.db cert9.db ~/nssdb
 ln -s ~/nssdb/key4.db .
 ln -s ~/nssdb/cert9.db .
 cd ~/.thunderbird/yourprofile
 certutil --merge -d ~/nssdb --source-dir .

Enter passwords as required. Wait until the data gets merged.

 rm key4.db cert9.db
 ln -s ~/nssdb/key4.db .
 ln -s ~/nssdb/cert9.db .

All done. Start Firefox and Thunderbird as you wish and enjoy the shared DB feature. But remember: you must always have the environment variable set, or the applications will use your old, non-merged DB.

You may repeat the merge and symlink steps for additional profiles.
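
To confirm that a profile really ended up in the state the steps above describe, the following check can be run against each profile. It is an added example, not part of the original howto or of NSS; the function name check_shared_db is hypothetical, and the directory layout (backup-db inside the profile, ~/nssdb as the shared directory) is the one used above.

```bash
#!/bin/sh
# Added example: verify a profile after the shared-DB steps.
# Usage: check_shared_db PROFILE_DIR SHARED_DIR
#   e.g. check_shared_db ~/.mozilla/firefox/yourprofile ~/nssdb
# Returns 0 if every check passes, 1 otherwise; problems go to stderr.
check_shared_db() {
    profile=$1
    shared=$2
    status=0

    # Without this variable the applications open the old key3.db/cert8.db.
    if [ "${NSS_DEFAULT_DB_TYPE:-}" != "sql" ]; then
        echo "NSS_DEFAULT_DB_TYPE is not \"sql\"" >&2
        status=1
    fi

    for f in key4.db cert9.db; do
        if [ ! -f "$shared/$f" ]; then
            echo "missing shared file: $shared/$f" >&2
            status=1
        elif [ ! -L "$profile/$f" ]; then
            # A regular file here means the profile still has a private copy.
            echo "not a symlink: $profile/$f" >&2
            status=1
        elif [ ! "$profile/$f" -ef "$shared/$f" ]; then
            echo "symlink does not resolve to $shared/$f" >&2
            status=1
        fi
    done

    # The pre-conversion databases copied into backup-db are the rollback copy.
    for f in key3.db cert8.db; do
        if [ ! -s "$profile/backup-db/$f" ]; then
            echo "backup missing or empty: $profile/backup-db/$f" >&2
            status=1
        fi
    done

    return "$status"
}

# Run directly: sh check.sh PROFILE_DIR SHARED_DIR
if [ "$#" -eq 2 ]; then
    check_shared_db "$1" "$2"
fi
```

A profile that reports "not a symlink" for key4.db or cert9.db is still using its own database, so certificates and keys added there will not appear in the other application.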