diff options
Diffstat (limited to 'security/nss/doc/nroff/vfychain.1')
-rw-r--r-- | security/nss/doc/nroff/vfychain.1 | 169 |
1 files changed, 169 insertions, 0 deletions
diff --git a/security/nss/doc/nroff/vfychain.1 b/security/nss/doc/nroff/vfychain.1 new file mode 100644 index 000000000..d5e37e4d8 --- /dev/null +++ b/security/nss/doc/nroff/vfychain.1 @@ -0,0 +1,169 @@ +'\" t +.\" Title: VFYCHAIN +.\" Author: [see the "Authors" section] +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 5 June 2014 +.\" Manual: NSS Security Tools +.\" Source: nss-tools +.\" Language: English +.\" +.TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +vfychain_ \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&. +.SH "SYNOPSIS" +.HP \w'\fBvfychain\fR\ 'u +\fBvfychain\fR +.SH "STATUS" +.PP +This documentation is still work in progress\&. Please contribute to the initial review in +\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2 +.SH "DESCRIPTION" +.PP +The verification Tool, +\fBvfychain\fR, verifies certificate chains\&. +\fBmodutil\fR +can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&. +.PP +The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&. +.SH "OPTIONS" +.PP +\fB\-a\fR +.RS 4 +the following certfile is base64 encoded +.RE +.PP +\fB\-b \fR \fIYYMMDDHHMMZ\fR +.RS 4 +Validate date (default: now) +.RE +.PP +\fB\-d \fR \fIdirectory\fR +.RS 4 +database directory +.RE +.PP +\fB\-f \fR +.RS 4 +Enable cert fetching from AIA URL +.RE +.PP +\fB\-o \fR \fIoid\fR +.RS 4 +Set policy OID for cert validation(Format OID\&.1\&.2\&.3) +.RE +.PP +\fB\-p \fR +.RS 4 +Use PKIX Library to validate certificate by calling: +.sp +* CERT_VerifyCertificate if specified once, +.sp +* CERT_PKIXVerifyCert if specified twice and more\&. +.RE +.PP +\fB\-r \fR +.RS 4 +Following certfile is raw binary DER (default) +.RE +.PP +\fB\-t\fR +.RS 4 +Following cert is explicitly trusted (overrides db trust) +.RE +.PP +\fB\-u \fR \fIusage\fR +.RS 4 +0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA +.RE +.PP +\fB\-T \fR +.RS 4 +Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.) +.RE +.PP +\fB\-v \fR +.RS 4 +Verbose mode\&. Prints root cert subject(double the argument for whole root cert info) +.RE +.PP +\fB\-w \fR \fIpassword\fR +.RS 4 +Database password +.RE +.PP +\fB\-W \fR \fIpwfile\fR +.RS 4 +Password file +.RE +.PP +.RS 4 +Revocation options for PKIX API (invoked with \-pp options) is a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&. +.sp +Where: +.RE +.PP +\fB\-g \fR \fItest\-type\fR +.RS 4 +Sets status checking test type\&. Possible values are "leaf" or "chain" +.RE +.PP +\fB\-g \fR \fItest type\fR +.RS 4 +Sets status checking test type\&. Possible values are "leaf" or "chain"\&. +.RE +.PP +\fB\-h \fR \fItest flags\fR +.RS 4 +Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&. +.RE +.PP +\fB\-m \fR \fImethod type\fR +.RS 4 +Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&. +.RE +.PP +\fB\-s \fR \fImethod flags\fR +.RS 4 +Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&. +.RE +.SH "ADDITIONAL RESOURCES" +.PP +For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at +\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&. +.PP +Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto +.PP +IRC: Freenode at #dogtag\-pki +.SH "AUTHORS" +.PP +The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&. +.PP +Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&. +.SH "LICENSE" +.PP +Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&. +.SH "NOTES" +.IP " 1." 4 +Mozilla NSS bug 836477 +.RS 4 +\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477 +.RE |