rpms/ca-certificates
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- improve manpage

Browse Source
This commit is contained in:
Kai Engert 2013-07-17 15:39:41 +02:00
parent 540618e93b
commit ed9b40a653
2 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ca-certificates.spec
View File

@ -286,6 +286,8 @@ fi
%changelog %changelog
- improve manpage
* Tue Jul 09 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-15 * Tue Jul 09 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-15
- clarification updates to manual page - clarification updates to manual page

29
update-ca-trust.8.txt
View File

@ -33,23 +33,26 @@ SYNOPSIS
DESCRIPTION DESCRIPTION
----------- -----------
update-ca-trust(8) is used to manage a consolidated and dynamic configuration update-ca-trust(8) is used to manage a consolidated and dynamic configuration
feature of CA certificates and associated trust. feature of Certificate Authority (CA) certificates and associated trust.
The feature is available for any new applications that read the The feature is available for new applications that read the
consolidated configuration files found in the /etc/pki/ca-trust/extracted directory consolidated configuration files found in the /etc/pki/ca-trust/extracted directory
or that load the PKCS#11 module p11-kit-trust.so or that load the PKCS#11 module p11-kit-trust.so
Parts of the new feature are also provided in a way to make it useful Parts of the new feature are also provided in a way to make it useful
by legacy applications. for legacy applications.
Many legacy applications expect CA certificates and trust configuration Many legacy applications expect CA certificates and trust configuration
in a fixed location, contained in files with particular path and name, in a fixed location, contained in files with particular path and name,
or by referring to a specific legacy PKCS#11 trust module provided by the or by referring to a classic PKCS#11 trust module provided by the
NSS cryptographic library. NSS cryptographic library.
In order to enable legacy applications, that read the legacy files or The dynamic configuration feature provides functionally compatible replacements
legacy module, to make use of the new consolidated and dynamic configuration for classic configuration files and for the classic NSS trust module named libnssckbi.
feature, the legacy filenames have been changed to symbolic links.
In order to enable legacy applications, that read the classic files or
access the classic module, to make use of the new consolidated and dynamic configuration
feature, the classic filenames have been changed to symbolic links.
The symbolic links refer to dynamically created and consolidated The symbolic links refer to dynamically created and consolidated
output stored below the /etc/pki/ca-trust/extracted directory hierarchy. output stored below the /etc/pki/ca-trust/extracted directory hierarchy.
@ -58,8 +61,8 @@ or using the 'update-ca-trust extract' command.
In order to produce the output, a flexible set of source configuration In order to produce the output, a flexible set of source configuration
is read, as described in section <<sourceconf,SOURCE CONFIGURATION>>. is read, as described in section <<sourceconf,SOURCE CONFIGURATION>>.
In addition, the static legacy PKCS#11 module In addition, the classic PKCS#11 module
is replaced by a new PKCS#11 module (p11-kit-trust.so) that dynamically is replaced with a new PKCS#11 module (p11-kit-trust.so) that dynamically
reads the same source configuration. reads the same source configuration.
@ -147,7 +150,7 @@ directories or in any of their subdirectories, or after adding a file,
it is necessary to run the 'update-ca-trust extract' command, it is necessary to run the 'update-ca-trust extract' command,
in order to update the consolidated files in /etc/pki/ca-trust/extracted/ . in order to update the consolidated files in /etc/pki/ca-trust/extracted/ .
Applications that load the legacy PKCS#11 module using filename libnssckbi.so Applications that load the classic PKCS#11 module using filename libnssckbi.so
(which has been converted into a symbolic link pointing to the new module) (which has been converted into a symbolic link pointing to the new module)
and any application capable of and any application capable of
loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from
@ -215,15 +218,15 @@ COMMANDS
FILES FILES
----- -----
/etc/pki/tls/certs/ca-bundle.crt:: /etc/pki/tls/certs/ca-bundle.crt::
Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information. Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command. This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/etc/pki/tls/certs/ca-bundle.trust.crt:: /etc/pki/tls/certs/ca-bundle.trust.crt::
Legacy filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage. Classic filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command. This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/etc/pki/java/cacerts:: /etc/pki/java/cacerts::
Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information. Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command. This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
/usr/share/pki/ca-trust-source:: /usr/share/pki/ca-trust-source::