diff options
Diffstat (limited to 'security/nss/doc/nroff/certutil.1')
-rw-r--r-- | security/nss/doc/nroff/certutil.1 | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/security/nss/doc/nroff/certutil.1 b/security/nss/doc/nroff/certutil.1 index 80a02fc27..b6a2e90b2 100644 --- a/security/nss/doc/nroff/certutil.1 +++ b/security/nss/doc/nroff/certutil.1 @@ -2,12 +2,12 @@ .\" Title: CERTUTIL .\" Author: [see the "Authors" section] .\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/> -.\" Date: 27 October 2017 +.\" Date: 5 October 2017 .\" Manual: NSS Security Tools .\" Source: nss-tools .\" Language: English .\" -.TH "CERTUTIL" "1" "27 October 2017" "nss-tools" "NSS Security Tools" +.TH "CERTUTIL" "1" "5 October 2017" "nss-tools" "NSS Security Tools" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- @@ -92,15 +92,11 @@ Add an email certificate to the certificate database\&. .PP \-F .RS 4 -Delete a private key from a key database\&. Specify the key to delete with the \-n argument\&. Specify the database from which to delete the key with the +Delete a private key and the associated certificate from a database\&. Specify the key to delete with the \-n argument or the \-k argument\&. Specify the database from which to delete the key with the \fB\-d\fR -argument\&. Use the -\fB\-k\fR -argument to specify explicitly whether to delete a DSA, RSA, or ECC key\&. If you don\*(Aqt use the -\fB\-k\fR -argument, the option looks for an RSA key matching the specified nickname\&. +argument\&. .sp -When you delete keys, be sure to also remove any certificates associated with those keys from the certificate database, by using \-D\&. Some smart cards do not let you remove a public key you have generated\&. In such a case, only the private key is deleted from the key pair\&. You can display the public key with the command certutil \-K \-h tokenname\&. +Some smart cards do not let you remove a public key you have generated\&. In such a case, only the private key is deleted from the key pair\&. .RE .PP \-G @@ -321,6 +317,8 @@ Set a key size to use when generating new public and private key pairs\&. The mi \-h tokenname .RS 4 Specify the name of a token to use or act on\&. If not specified the default token is the internal database slot\&. +.sp +The name can also be a PKCS #11 URI\&. For example, the NSS internal certificate store can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB"\&. For details about the format, see RFC 7512\&. .RE .PP \-i input_file @@ -348,6 +346,8 @@ Assign a unique serial number to a certificate being created\&. This operation s \-n nickname .RS 4 Specify the nickname of a certificate or key to list, create, add to a database, modify, or validate\&. Bracket the nickname string with quotation marks if it contains spaces\&. +.sp +The nickname can also be a PKCS #11 URI\&. For example, if you have a certificate named "my\-server\-cert" on the internal certificate store, it can be unambiguously specified as "pkcs11:token=NSS%20Certificate%20DB;object=my\-server\-cert"\&. For details about the format, see RFC 7512\&. .RE .PP \-o output\-file @@ -1579,9 +1579,11 @@ $ certutil \-U \-d sql:/home/my/sharednssdb slot: NSS User Private Key and Certificate Services token: NSS Certificate DB + uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services + uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 .fi .if n \{\ .RE |