Weird problem using sun.security.pkcs11.SunPKCS11:

Published 2019-07-24 12:05

Question:

I'm developing this application to be used specifically with Firefox (it's for internal use). Basically, we're using the sun.security stuff to read Firefox's KeyStore and sign data with the certs we get.

I've tested this on several machines and the results are varying, I can't seem to pinpoint the reason.

I've tested it on the latest Ubuntu release, Firefox 3.6.13, using Java version 1.6.0_22, it works there. I also have a Windows XP laptop with the same Firefox version using Java version 1.6.0_17, where it works as well.

There are 2 other Windows XP laptops that it will not work on, giving the same error. They're running the same version of Firefox and using java version 1.6.0_17.

The error is:

java.security.ProviderException: Could not initialize NSS
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:183)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:86)
    at SignedMessage.SigningApplet.initializeCrypto(SigningApplet.java:327)
    at SignedMessage.SigningApplet.init(SigningApplet.java:84)
    at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: The specified procedure could not be found.
    at sun.security.pkcs11.Secmod.nssLoadLibrary(Native Method)
    at sun.security.pkcs11.Secmod.initialize(Secmod.java:186)
    at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:179)
    ... 5 more
Exception: java.security.ProviderException: Could not initialize NSS

From what I can tell it can't find the native nssLoadLibrary routine? The configuration file is pointing it to the Firefox install directory (where it can grab the nss3.dll or libnss3.so file). It does this across all PCs and all the paths in the configuration seem to be valid.

A sample config file, for what it's worth:

name=NSS
nssDbMode=readOnly
nssModule=keystore
nssSecmodDirectory="C:\\Documents and Settings\\user\\Application Data\\Mozilla\\firefox\\Profiles/8bzd2qqm.default"
nssLibraryDirectory=C:\Program Files\Mozilla Firefox

I was hoping someone would have a clue, or maybe some tips on getting further with debugging. I'm at a loss here.

Answer 1:

I'm likely much too late for this to be of use to you, but I was having similar problems, and adding dist\WINXXX_DBG.OBJ\lib to my PATH resolved this issue.



Answer 2:

Quick answer: Use the x86 jdk not the x64 jdk with NSS and JSS

Quick test against a NSS certificate database:

keytool -list -v -storetype pkcs11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg NSS_CONFIG_FIPS

where NSS_CONFIG_FIPS is the path to a config file pointing to an NSS database. This command will fail with a stack trace that matches the questioner's error if it is a JDK issue and succeed if the JDK is configured properly (and if the config file is correct).

Note that my stack trace included the message:

Caused by: java.io.IOException: %1 is not a valid Win32 application.

I ran dumpbin /headers on the NSS dlls and found that the Mozilla built binaries are all 32 bit. I installed the x86 jdk and repointed JAVA_HOME. Everything began working.

To Vivek's point, NSS and the accompanying executables are very sensitive to the presence of the libraries. Be sure all of the .dll, .lib, and .chk files are present on the path. In particular, modutil.exe will fail certain commands without the chk files and the error messages are not helpful. Your NSS lib folder will need to include the NSS and NSPR lib folders, the jss4.dll and jss4.lib files, and the jss4.jar.

Also note that if you build NSS yourself, the libraries will not be signed with an approved code signing cert which will cause problems with JCA.
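
The 32-bit versus 64-bit mismatch that answer 2 found with dumpbin /headers can also be checked from inside the JVM that will load NSS. The following is an added example, not code from the question or the answers: the class name NssArchCheck and its exit codes are hypothetical, and it assumes a Windows PE file such as nss3.dll is passed as the only argument.

```java
import java.io.IOException;
import java.io.RandomAccessFile;

// Added example: compares a DLL's PE machine type with the running JVM's bitness.
public class NssArchCheck {
    static final int MACHINE_I386 = 0x014c;   // IMAGE_FILE_MACHINE_I386 (32-bit x86)
    static final int MACHINE_AMD64 = 0x8664;  // IMAGE_FILE_MACHINE_AMD64 (64-bit x64)

    /** Returns the Machine field of the PE file header, as dumpbin /headers reports it. */
    static int peMachine(String path) throws IOException {
        RandomAccessFile f = new RandomAccessFile(path, "r");
        try {
            if (f.length() < 0x40 || f.read() != 'M' || f.read() != 'Z') {
                throw new IOException("not an MZ executable: " + path);
            }
            f.seek(0x3c);                        // e_lfanew holds the PE header offset
            long peOffset = readLE(f, 4);
            if (peOffset + 6 > f.length()) throw new IOException("truncated PE header: " + path);
            f.seek(peOffset);
            if (readLE(f, 4) != 0x00004550L) {   // signature bytes "PE\0\0"
                throw new IOException("missing PE signature: " + path);
            }
            return (int) readLE(f, 2);           // Machine follows the signature
        } finally {
            f.close();                           // try/finally keeps this Java 6 compatible
        }
    }

    /** Reads an n-byte little-endian unsigned integer at the current position. */
    static long readLE(RandomAccessFile f, int n) throws IOException {
        long v = 0;
        for (int i = 0; i < n; i++) {
            v |= ((long) f.readUnsignedByte()) << (8 * i);
        }
        return v;
    }

    public static void main(String[] args) throws IOException {
        if (args.length != 1) { System.err.println("usage: NssArchCheck <path to nss3.dll>"); System.exit(64); }
        int machine = peMachine(args[0]);
        // sun.arch.data.model is specific to Sun/Oracle JVMs; fall back to os.arch otherwise
        String model = System.getProperty("sun.arch.data.model");
        boolean jvm64 = model != null ? model.equals("64") : System.getProperty("os.arch").contains("64");
        boolean dll64 = machine == MACHINE_AMD64;
        System.out.printf("DLL machine=0x%04x, JVM is %s-bit%n", machine, jvm64 ? "64" : "32");
        if (machine != MACHINE_I386 && !dll64) System.exit(2);  // neither x86 nor x64
        System.exit(dll64 == jvm64 ? 0 : 1);                    // 1 = bitness mismatch
    }
}
```

Run it with the same java executable the applet or keytool uses, since the result depends on which JVM is doing the loading.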