Mozilla NSS Security Tools




















Provide a tool for analyzing and repairing certificate databases (dbck). Migrate tools from secutil. Eliminate redundant functionality in tools. Replace getopt with NSPR calls for reading command options, which removes the platform dependencies that getopt brings.

Tool Description Links certutil 2.

In each category position, use none, any, or all of the attribute codes:

o p - Valid peer
o P - Trusted peer (implies p)
o c - Valid CA
o T - Trusted CA to issue client certificates (implies c)
o C - Trusted CA to issue server certificates (SSL only) (implies c)
o u - Certificate can be used for authentication or signing
o w - Send warning (use with other attributes to include a warning when the certificate is used in that context)

The attribute codes for the categories are separated by commas, and the entire set of attributes is enclosed by quotation marks.

For example: -t "TCu,Cu,Tuw"

Use the -L option to see a list of the current certificates and trust attributes in a certificate database.

The validity period begins at the current system time unless an offset is added or subtracted with the -w option. If this argument is not used, the default validity period is three months. When this argument is used, the default three-month period is automatically added to any value given in the valid-month argument.

For example, using this option to set a value of 3 would cause 3 to be added to the three-month default, creating a validity period of six months.

You can use negative values to reduce the default period. For example, setting a value of -2 would subtract 2 from the default and create a validity period of one month.

Use when creating the certificate or adding it to a database. Express the offset in integers, using a minus sign (-) to indicate a negative offset. If this argument is not used, the validity period begins at the current system time.

The length of the validity period is set with the -v argument.

This is used with the -U and -L command options. The available alternate values are 3 and

This argument makes it possible to use hardware-generated seed values or manually create a value from the keyboard. The minimum file size is 20 bytes.

There are several available keywords:

o digital signature
o nonRepudiation
o keyEncipherment
o dataEncipherment
o keyAgreement
o certSigning
o crlSigning
o critical

-2 Add a basic constraint extension to a certificate that is being created or added to a database.

This extension supports the certificate chain verification process.

This extension supports the identification of a particular certificate, from among multiple certificates associated with one subject name, as the correct issuer of a certificate.

Subject alternative name extensions are described in Section 4.

Usage and Examples

Most of the command options in the examples listed here have more arguments available. The arguments included in these examples are the most common ones or are used to illustrate a specific scenario.

Use the -H option to show the complete list of arguments for each command option.

Creating New Security Databases

Certificates, keys, and security modules related to managing certificates are stored in three related databases:

o cert8.

This request is submitted separately to a certificate authority and is then approved by some mechanism (automatically or by human review).

Once the request is approved, then the certificate is generated.

This may take a few moments

This can be done by specifying a CA certificate (-c) that is stored in the certificate database. If a CA key pair is not available, you can create a self-signed certificate using the -x argument with the -S command option. The issuing certificate must be in the certificate database in the specified directory.

The path to the directory (-d) is required.

For additional information about this tool, see Object Signing. Currently points to the signver documentation on developer.

Last modified March 29, Document History. The Tools Information table below describes both the tools that are currently working and those that are still under development. The links for each tool take you to the source code, documentation, plans, and related links for each tool. The links will become active when information is available.


