diff options
Diffstat (limited to 'security/nss/doc/certutil.xml')
| -rw-r--r-- | security/nss/doc/certutil.xml | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/security/nss/doc/certutil.xml b/security/nss/doc/certutil.xml index 4622c75e4..5c3b3501a 100644 --- a/security/nss/doc/certutil.xml +++ b/security/nss/doc/certutil.xml @@ -84,7 +84,7 @@ <varlistentry> <term>-F</term> - <listitem><para>Delete a private key and the associated certificate from a database. Specify the key to delete with the -n argument. Specify the database from which to delete the key with the + <listitem><para>Delete a private key and the associated certificate from a database. Specify the key to delete with the -n argument or the -k argument. Specify the database from which to delete the key with the <option>-d</option> argument. </para> <para> @@ -258,7 +258,8 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their <varlistentry> <term>-h tokenname</term> - <listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para></listitem> + <listitem><para>Specify the name of a token to use or act on. If not specified the default token is the internal database slot.</para> + <para>The name can also be a PKCS #11 URI. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB". For details about the format, see RFC 7512.</para></listitem> </varlistentry> <varlistentry> @@ -292,7 +293,8 @@ Add one or multiple extensions that certutil cannot encode yet, by loading their <varlistentry> <term>-n nickname</term> - <listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para></listitem> + <listitem><para>Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate. Bracket the nickname string with quotation marks if it contains spaces.</para> + <para>The nickname can also be a PKCS #11 URI. For example, if you have a certificate named "my-server-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my-server-cert". For details about the format, see RFC 7512.</para></listitem> </varlistentry> <varlistentry> @@ -1017,9 +1019,11 @@ certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and slot: NSS User Private Key and Certificate Services token: NSS Certificate DB + uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 slot: NSS Internal Cryptographic Services - token: NSS Generic Crypto Services</programlisting> + token: NSS Generic Crypto Services + uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203</programlisting> <para><command>Adding Certificates to the Database</command></para> <para> |