Skip to content

Debugging NSS

Endi S. Dewata edited this page Jul 23, 2022 · 2 revisions

Installing NSS Debug Packages

$ yum install yum-utils
$ debuginfo-install nss

Enabling NSS Debug Logs

The NSS security libraries provide the crypto foundation around which all of the Dogtag services are derived. This section gives example on how to debug NSS (PKCS11) in the Dogtag server.

Find the name of the PKCS #11 module:

$ modutil -list -nocertdb -dbdir /var/lib/pki/pki-tomcat/alias

To debug the client, specify the following environment variables:

$ export NSPR_LOG_MODULES="all:5"
$ export NSPR_LOG_FILE="/tmp/pkcs11.log"
$ export NSS_DEBUG_PKCS11_MODULE="NSS Internal PKCS #11 Module"

To debug the server, specify the environment variables in /etc/sysconfig/pki-tomcat:

NSPR_LOG_MODULES="all:5"
NSPR_LOG_FILE="/tmp/pki-tomcat.log"
NSS_DEBUG_PKCS11_MODULE="NSS Internal PKCS #11 Module"

Then start/restart the server:

$ systemctl start [email protected]

The log messages will be written into the specified log file.

See Also