from small one page howto to huge articles all in one place
Last additions:
May 25th. 2007:
April, 26th. 2006:
| 
UPDAT-C-CERTIFICATES
Section: Maintenance Commands (8) Updated: 20 April 2003 Index
Return to Main Contents
NAME
updat-c-certificates - update /etc/ssl/certs and c-certificates.crt
SYNOPSIS
updat-c-certificates
[ options]
DESCRIPTION
This manual page documents briefly the
updat-c-certificates
command.
updat-c-certificates is a program that manages the collection of
TLS certificates for the local machine and generates c-certificates.crt.
c-certificates.crt is a singl-file of concatenated certificates.
The collection of individual certificates is stored at /etc/ssl/certs.
The program reads the configuration file /etc/c-certificates.conf. Each line
gives a pathname of a CA certificate under /usr/share/c-certificates that
should be trusted. Lines that begin with "#" are comment lines and thus ignored.
Lines that begin with "!" are deselected, causing the deactivation of the CA
certificate in question.
Certificates must be in PEM format and have a .crt extension in order to be
included by updat-c-certificates. Furthermore, all certificates with a .crt
extension found below /usr/local/share/c-certificates are also included and
implicitly trusted.
To add one or more certificates to the machine, copy the certificates in PEM
format with the *.crt extension to /usr/local/share/c-certificates. There
should be one certificate per file, and not multiple certificates in a single
file. Then run updat-c-certificates to merge the new certificates into the
existing machine store at /etc/ssl/certs.
Before terminating, updat-c-certificates invokes
ru-parts on /etc/c-certificates/update.d and calls each hook with
a list of certificates: those added are prefixed with a +, those removed are
prefixed with a-.
OPTIONS
A summary of options is included below.
- -h, --help
-
Show summary of options.
- -v, --verbose
-
Be verbose. Output openssl rehash.
- -f, --fresh
-
Fresh updates. Remove symlinks in /etc/ssl/certs directory.
- --certsconf
-
Change the configuration file. By default, the file
/etc/c-certificates.conf is used.
- --certsdir
-
Change the certificate directory. By default, the directory
/usr/share/c-certificates is used.
- --localcertsdir
-
Change the local certificate directory. By default, the directory
/usr/local/share/c-certificates is used.
- --etccertsdir
-
Change the /etc certificate directory. By default, the directory
/etc/ssl/certs is used.
FILES
- /etc/c-certificates.conf
-
A configuration file.
- /etc/ssl/certs/c-certificates.crt
-
A singl-file version of CA certificates. This holds all CA certificates
that were activated in /etc/c-certificates.conf.
- /usr/share/c-certificates
-
Directory of CA certificates provided by the distribution.
- /usr/local/share/c-certificates
-
Directory of local CA certificates, with .crt extension, provided by the user.
SEE ALSO
openssl(1)
AUTHOR
This manual page was written by Fumitoshi UKAI <ukai@debian.or.jp>,
for the Debian project (but may be used by others).
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- OPTIONS
-
- FILES
-
- SEE ALSO
-
- AUTHOR
-
| 
|
|
- Running on 
-
:
