Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

What component of NSS is read-only in the error message: "security library: read-only database."

  • 6 replies
  • 1 has this problem
  • 3 views
  • Last reply by Hasan

more options

After installing Firefox and booting. I load my PIV card using OpenSC as a "Security Device". After authenticating successfully with the card to one site, visiting sites.google.com errors with this message from Firefox.

security library: read-only database. (Error code: sec_error_read_only)

I can see this is an NSS based/related error, but even using modutil/certutil to create a new NSS database, I can still reproduce the error.

The interesting thing is if I then close down the browser, I can then go to sites.google.com just fine, but as soon as I authenticate with my PIV card in that session, I can produce the error.

After installing Firefox and booting. I load my PIV card using OpenSC as a "Security Device". After authenticating successfully with the card to one site, visiting sites.google.com errors with this message from Firefox. security library: read-only database. (Error code: sec_error_read_only) I can see this is an NSS based/related error, but even using modutil/certutil to create a new NSS database, I can still reproduce the error. The interesting thing is if I then close down the browser, I can then go to sites.google.com just fine, but as soon as I authenticate with my PIV card in that session, I can produce the error.

Modified by mzimmerman

All Replies (6)

more options

Hoping to add additional key information: Using OpenSC PKCS#11 library - version 0.12.2

Card functionality works great otherwise.

more options

Perform the suggestions mentioned in the following articles:

Check and tell if its working.

more options

You can check the secmod.db file and maybe cert8.db as well.

more options

Running in safe mode does not help, and I'm using default Firefox config for everything else. The secmod.db and cert8.db files are indeed the issue. Here's steps to reproduce:

  1. rm -rf ~/.mozilla
  2. firefox
  3. (quit firefox)
  4. modutil -add "OpenSC" -libfile /lib/opensc-pkcs11.so -mechanisms FRIENDLY -dbdir .mozilla/firefox/{randomprofilename}.default/ -force
  5. Authenticate to website with PIV card
  6. Visit sites.google.com

This is not a file-system level permissions issue with the various NSS .db files.

Modified by mzimmerman

more options
more options

To help other users find solutions, please return to this Thread and click on "Solved It" button Next to the reply ABOVE that BEST solved your Question

Note:- DO NOT click "Solved It" next to this reply