Custom Building NSS Lib for Mozilla Products

Mozilla in their great wisdom doesn't build their utility (addbuiltin) for adding extra root certificates when they build their main binaries (firefox/thunderbird) so you will need to do this prior to rebuilding libnss...

Step 1, getting the libnss source code:


Next extract both tar balls:

cd /usr/src
tar xzvf nss-3.10.tar.gz
tar xzvf nspr-4.6.tar.gz

You'll also need to more the nspr source tree into nss directory:

mv nspr-4.6/mozilla/nsprpub nss-3.10/mozilla/

Finally to build things you will need to do run make commands:

cd nss-3.10/mozilla/security/nss
make nss_build_all
cd cmd/addbuiltin

To run addbuiltin without installing mozilla libs you will need to do the following:

echo /usr/src/nss-3.10/mozilla/dist/Linux2.6_x86_glibc_PTH_DBG.OBJ/lib >> /etc/
cp -a Linux2.6_x86_glibc_PTH_DBG.OBJ/addbuiltin /usr/bin

Download a copy of the CAcert root certificate in DER format only. Then run the addbuiltin program that comes with NSS code:

addbuiltin -n "CAcert Inc." -t "CT,C,C" < CAcert.der >> certdata.txt

This will append the our root certificate to:


Then you need to run: (make sure you are in the mozilla/security/nss/lib/ckfw/builtins directory)

make generate

Then build NSS. The end result is in a new libnssckbi library, which depending on your architecture will end up in a file like:


Debian/Ubuntu Specific Notes

You need to grab a few packages on a fresh install:

apt-get -y install build-essential zip

NSSLib (last edited 2008-05-22 22:16:46 by anonymous)