NSS: client certificate not found (nickname not specified)?
I'm trying to access a third-party service via PHP curl on a Centos 6 system which comes with curl and libcurl compiled against NSS instead of OpenSSL.
This is causing problems for me, every time I try to access the service I get this error NSS: client certificate not found (nickname not specified).
My understanding is that I need to install the certificates in the NSS database.
I'm looking for step by step instructions on how to do this (keep in mind, I need this to work with PHP curl functions called from Nginx server)
Thanks
Answer
Try prefixing the certificate filename with "./", or using the full path. From the curl manpage:
If curl is built against the NSS SSL library then this option [--cert] can tell curl the nickname of the certificate to use within the NSS database defined by the environment variable SSL_DIR (or by default /etc/pki/nssdb). If the NSS PEM PKCS#11 module (lib- nsspem.so) is available then PEM files may be loaded. If you want to use a file from the current directory, please precede it with "./" prefix, in order to avoid confusion with a nickname.
(emphasis mine)
Alternatively, some instructions for importing into the NSS certificate database are here, although I have not used them: http://rcritten.fedorapeople.org/nss_compat_ossl.html