- improve manpage
parent
540618e93b
commit
ed9b40a653
@ -286,6 +286,8 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
- improve manpage
|
||||||
|
|
||||||
* Tue Jul 09 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-15
|
* Tue Jul 09 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-15
|
||||||
- clarification updates to manual page
|
- clarification updates to manual page
|
||||||
|
|
||||||
|
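Review bot: The new "- improve manpage" item sits directly under %changelog with no entry header above it, so it is not attached to any dated entry; the only header visible in this hunk is the existing "* Tue Jul 09 2013 Kai Engert <kaie@redhat.com> - 2013.1.94-15" line, which comes after it. Add a header line of the same form (date, packager, version-release) above the item, carrying the release this change ships in.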
@ -33,23 +33,26 @@ SYNOPSIS
|
|||||||
DESCRIPTION
|
DESCRIPTION
|
||||||
-----------
|
-----------
|
||||||
update-ca-trust(8) is used to manage a consolidated and dynamic configuration
|
update-ca-trust(8) is used to manage a consolidated and dynamic configuration
|
||||||
feature of CA certificates and associated trust.
|
feature of Certificate Authority (CA) certificates and associated trust.
|
||||||
|
|
||||||
The feature is available for any new applications that read the
|
The feature is available for new applications that read the
|
||||||
consolidated configuration files found in the /etc/pki/ca-trust/extracted directory
|
consolidated configuration files found in the /etc/pki/ca-trust/extracted directory
|
||||||
or that load the PKCS#11 module p11-kit-trust.so
|
or that load the PKCS#11 module p11-kit-trust.so
|
||||||
|
|
||||||
Parts of the new feature are also provided in a way to make it useful
|
Parts of the new feature are also provided in a way to make it useful
|
||||||
by legacy applications.
|
for legacy applications.
|
||||||
|
|
||||||
Many legacy applications expect CA certificates and trust configuration
|
Many legacy applications expect CA certificates and trust configuration
|
||||||
in a fixed location, contained in files with particular path and name,
|
in a fixed location, contained in files with particular path and name,
|
||||||
or by referring to a specific legacy PKCS#11 trust module provided by the
|
or by referring to a classic PKCS#11 trust module provided by the
|
||||||
NSS cryptographic library.
|
NSS cryptographic library.
|
||||||
|
|
||||||
In order to enable legacy applications, that read the legacy files or
|
The dynamic configuration feature provides functionally compatible replacements
|
||||||
legacy module, to make use of the new consolidated and dynamic configuration
|
for classic configuration files and for the classic NSS trust module named libnssckbi.
|
||||||
feature, the legacy filenames have been changed to symbolic links.
|
|
||||||
|
In order to enable legacy applications, that read the classic files or
|
||||||
|
access the classic module, to make use of the new consolidated and dynamic configuration
|
||||||
|
feature, the classic filenames have been changed to symbolic links.
|
||||||
The symbolic links refer to dynamically created and consolidated
|
The symbolic links refer to dynamically created and consolidated
|
||||||
output stored below the /etc/pki/ca-trust/extracted directory hierarchy.
|
output stored below the /etc/pki/ca-trust/extracted directory hierarchy.
|
||||||
|
|
||||||
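Review bot: The added sentence names the classic NSS trust module as "libnssckbi", while the hunk at -147,7 refers to it by filename as "libnssckbi.so"; use one form throughout so a reader can search for it. In the reworded paragraph that follows, "legacy applications, that read the classic files or access the classic module, to make use of" sets a restrictive clause off with commas and mixes "legacy" and "classic" in one sentence; consider "In order to enable legacy applications that read the classic files or access the classic module to make use of the new consolidated and dynamic configuration feature, ...".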
@ -58,8 +61,8 @@ or using the 'update-ca-trust extract' command.
|
|||||||
In order to produce the output, a flexible set of source configuration
|
In order to produce the output, a flexible set of source configuration
|
||||||
is read, as described in section <<sourceconf,SOURCE CONFIGURATION>>.
|
is read, as described in section <<sourceconf,SOURCE CONFIGURATION>>.
|
||||||
|
|
||||||
In addition, the static legacy PKCS#11 module
|
In addition, the classic PKCS#11 module
|
||||||
is replaced by a new PKCS#11 module (p11-kit-trust.so) that dynamically
|
is replaced with a new PKCS#11 module (p11-kit-trust.so) that dynamically
|
||||||
reads the same source configuration.
|
reads the same source configuration.
|
||||||
|
|
||||||
|
|
||||||
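Review bot: Replacing "static legacy PKCS#11 module" with "classic PKCS#11 module" drops the word "static", which was the counterpart to "dynamically reads the same source configuration" two lines later, so the sentence no longer says what actually changes for the reader. Keep the contrast, for example "the classic, static PKCS#11 module", or say explicitly that the classic module did not read the source configuration.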
@ -147,7 +150,7 @@ directories or in any of their subdirectories, or after adding a file,
|
|||||||
it is necessary to run the 'update-ca-trust extract' command,
|
it is necessary to run the 'update-ca-trust extract' command,
|
||||||
in order to update the consolidated files in /etc/pki/ca-trust/extracted/ .
|
in order to update the consolidated files in /etc/pki/ca-trust/extracted/ .
|
||||||
|
|
||||||
Applications that load the legacy PKCS#11 module using filename libnssckbi.so
|
Applications that load the classic PKCS#11 module using filename libnssckbi.so
|
||||||
(which has been converted into a symbolic link pointing to the new module)
|
(which has been converted into a symbolic link pointing to the new module)
|
||||||
and any application capable of
|
and any application capable of
|
||||||
loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from
|
loading PKCS#11 modules and loading p11-kit-trust.so, will benefit from
|
||||||
@ -215,15 +218,15 @@ COMMANDS
|
|||||||
FILES
|
FILES
|
||||||
-----
|
-----
|
||||||
/etc/pki/tls/certs/ca-bundle.crt::
|
/etc/pki/tls/certs/ca-bundle.crt::
|
||||||
Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
|
Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the simple BEGIN/END CERTIFICATE file format, without distrust information.
|
||||||
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
||||||
|
|
||||||
/etc/pki/tls/certs/ca-bundle.trust.crt::
|
/etc/pki/tls/certs/ca-bundle.trust.crt::
|
||||||
Legacy filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
|
Classic filename, file contains a list of CA certificates in the extended BEGIN/END TRUSTED CERTIFICATE file format, which includes trust (and/or distrust) flags specific to certificate usage.
|
||||||
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
||||||
|
|
||||||
/etc/pki/java/cacerts::
|
/etc/pki/java/cacerts::
|
||||||
Legacy filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
|
Classic filename, file contains a list of CA certificates trusted for TLS server authentication usage, in the Java keystore file format, without distrust information.
|
||||||
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
This file is a symbolic link that refers to the consolidated output created by the update-ca-trust command.
|
||||||
|
|
||||||
/usr/share/pki/ca-trust-source::
|
/usr/share/pki/ca-trust-source::
|
||||||
|
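Review bot: The /etc/pki/tls/certs/ca-bundle.crt and /etc/pki/java/cacerts entries say the file is "without distrust information" but do not say whether a certificate carrying a distrust flag is left out of these files or appears in them with the flag stripped; since these lines are being reworded anyway, state which it is, because an application that reads only these formats cannot see the flags. Separately, "Classic filename, file contains ..." is a comma splice in all three entries; "Classic filename. The file contains ..." reads better.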