- improve manpage
This commit is contained in:
parent
540618e93b
commit
ed9b40a653
@ -286,6 +286,8 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
- improve manpage
|
||||
|
||||
* Tue Jul 09 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-15
|
||||
- clarification updates to manual page
|
||||
|
||||
|
@ -33,23 +33,26 @@ SYNOPSIS
|
||||
DESCRIPTION
|
||||
-----------
|
||||
update-ca-trust(8) is used to manage a consolidated and dynamic configuration
|
||||
feature of CA certificates and associated trust.
|
||||
feature of Certificate Authority (CA) certificates and associated trust.
|
||||
|
||||
The feature is available for any new applications that read the
|
||||
The feature is available for new applications that read the
|
||||
consolidated configuration files found in the /etc/pki/ca-trust/extracted directory
|
||||
or that load the PKCS#11 module p11-kit-trust.so
|
||||
|
||||
Parts of the new feature are also provided in a way to make it useful
|
||||
by legacy applications.
|
||||
for legacy applications.
|
||||
|
||||
Many legacy applications expect CA certificates and trust configuration
|
||||
in a fixed location, contained in files with particular path and name,
|
||||
or by referring to a specific legacy PKCS#11 trust module provided by the
|
||||
or by referring to a classic PKCS#11 trust module provided by the
|
||||
NSS cryptographic library.
|
||||
|
||||
In order to enable legacy applications, that read the legacy files or
|
||||
legacy module, to make use of the new consolidated and dynamic configuration
|
||||
feature, the legacy filenames have been changed to symbolic links.
|
||||
The dynamic configuration feature provides functionally compatible replacements
|
||||
for classic configuration files and for the classic NSS trust module named libnssckbi.
|
||||
|
||||
In order to enable legacy applications, that read the classic files or
|
||||
access the classic module, to make use of the new consolidated and dynamic configuration
|
||||
feature, the classic filenames have been changed to symbolic links.
|
||||
The symbolic links refer to dynamically created and consolidated
|
||||
output stored below the /etc/pki/ca-trust/extracted directory hierarchy.
|
||||
|
||||
@ -58,8 +61,8 @@ or using the 'update-ca-trust extract' command.
|
||||
In order to produce the output, a flexible set of source configuration
|
||||
is read, as described in section <<sourceconf,SOURCE CONFIGURATION>>.
|
||||
|
||||
In addition, the static legacy PKCS#11 module
|
||||
is replaced by a new PKCS#11 module (p11-kit-trust.so) that dynamically
|
||||
In addition, the classic PKCS#11 module
|
||||
is replaced with a new PKCS#11 module (p11-kit-trust.so) that dynamically
|
||||
reads the same source configuration.
|
||||
|
||||
|
||||
@ -147,7 +150,7 @@ directories or in any of their subdirectories, or after adding a file,
|
||||
it is necessary to run the 'update-ca-trust extract' command,
|
||||
in order to update the consolidated files in /etc/pki/ca-trust/extracted/ .
|
||||
|
||||
Applications that load the legacy PKCS#11 module using filename libnssckbi.so
|
||||
Applications that load the classic PKCS#11 module using filename libnssckbi.so
|
||||
(which has been converted into a symbolic link pointing to the new module)
|
||||
and any application capable of
|
||||
loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from
|
||||
@ -215,15 +218,15 @@ COMMANDS
|
||||
FILES
|
||||
-----
|
||||
/etc/pki/tls/certs/ca-bundle.crt::
|
||||
Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
|
||||
Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
|
||||
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
||||
|
||||
/etc/pki/tls/certs/ca-bundle.trust.crt::
|
||||
Legacy filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
|
||||
Classic filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
|
||||
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
||||
|
||||
/etc/pki/java/cacerts::
|
||||
Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
|
||||
Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
|
||||
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
||||
|
||||
/usr/share/pki/ca-trust-source::
|
||||
|
Loading…
Reference in New Issue
Block a user