mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-11-16 04:20:32 +01:00
5f6fb75167
bug753136, bug999893, bug1011090, bug1009785, bug1009794, bug421391, bug1011229, bug1013088, bug996237, bug970539, bug1016567, bug485732, bug334013, bug959864, bug1016836, bug1016811, bug1018536, bug996250, bug1009227, bug963150, bug1007126, bug952572, bug1021102, bug1020395, bug902171
27 lines
6.7 KiB
HTML
27 lines
6.7 KiB
HTML
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYCHAIN</title><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="VFYCHAIN"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYCHAIN</th></tr></table><hr></div><div class="refentry"><a name="vfychain"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfychain — vfychain [options] [revocation options] certfile [[options] certfile] ...</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfychain</code> </p></div></div><div class="refsection"><a name="idm233261246224"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
|
|
</p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The verification Tool, <span class="command"><strong>vfychain</strong></span>, verifies certificate chains. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-a</code></span></dt><dd>the following certfile is base64 encoded</dd><dt><span class="term"><code class="option">-b </code> <em class="replaceable"><code>YYMMDDHHMMZ</code></em></span></dt><dd>Validate date (default: now)</dd><dt><span class="term"><code class="option">-d </code> <em class="replaceable"><code>directory</code></em></span></dt><dd>database directory</dd><dt><span class="term"><code class="option">-f </code> </span></dt><dd>Enable cert fetching from AIA URL</dd><dt><span class="term"><code class="option">-o </code> <em class="replaceable"><code>oid</code></em></span></dt><dd>Set policy OID for cert validation(Format OID.1.2.3)</dd><dt><span class="term"><code class="option">-p </code></span></dt><dd><p class="simpara">Use PKIX Library to validate certificate by calling:</p><p class="simpara"> * CERT_VerifyCertificate if specified once,</p><p class="simpara"> * CERT_PKIXVerifyCert if specified twice and more.</p></dd><dt><span class="term"><code class="option">-r </code></span></dt><dd>Following certfile is raw binary DER (default)</dd><dt><span class="term"><code class="option">-t</code></span></dt><dd>Following cert is explicitly trusted (overrides db trust)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>usage</code></em></span></dt><dd><p>
|
|
0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,
|
|
4=Email signer, 5=Email recipient, 6=Object signer,
|
|
9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
|
|
</p></dd><dt><span class="term"><code class="option">-T </code></span></dt><dd>Trust both explicit trust anchors (-t) and the database. (Without this option, the default is to only trust certificates marked -t, if there are any, or to trust the database if there are certificates marked -t.)
|
|
</dd><dt><span class="term"><code class="option">-v </code></span></dt><dd>Verbose mode. Prints root cert subject(double the
|
|
argument for whole root cert info)
|
|
</dd><dt><span class="term"><code class="option">-w </code> <em class="replaceable"><code>password</code></em></span></dt><dd>Database password</dd><dt><span class="term"><code class="option">-W </code> <em class="replaceable"><code>pwfile</code></em></span></dt><dd>Password file</dd><dt><span class="term"><code class="option"></code></span></dt><dd><p class="simpara">Revocation options for PKIX API (invoked with -pp options) is a
|
|
collection of the following flags:
|
|
[-g type [-h flags] [-m type [-s flags]] ...] ...</p><p class="simpara">Where: </p></dd><dt><span class="term"><code class="option">-g </code> <em class="replaceable"><code>test-type</code></em></span></dt><dd>Sets status checking test type. Possible values
|
|
are "leaf" or "chain"
|
|
</dd><dt><span class="term"><code class="option">-g </code> <em class="replaceable"><code>test type</code></em></span></dt><dd>Sets status checking test type. Possible values
|
|
are "leaf" or "chain".
|
|
</dd><dt><span class="term"><code class="option">-h </code> <em class="replaceable"><code>test flags</code></em></span></dt><dd>Sets revocation flags for the test type it
|
|
follows. Possible flags: "testLocalInfoFirst" and
|
|
"requireFreshInfo".
|
|
</dd><dt><span class="term"><code class="option">-m </code> <em class="replaceable"><code>method type</code></em></span></dt><dd>Sets method type for the test type it follows.
|
|
Possible types are "crl" and "ocsp".
|
|
</dd><dt><span class="term"><code class="option">-s </code> <em class="replaceable"><code>method flags</code></em></span></dt><dd>Sets revocation flags for the method it follows.
|
|
Possible types are "doNotUse", "forbidFetching",
|
|
"ignoreDefaultSrc", "requireInfo" and "failIfNoInfo".
|
|
</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</p><p>
|
|
Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.
|
|
</p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
</p></div></div><div class="navfooter"><hr></div></body></html>
|