summaryrefslogtreecommitdiffstats
path: root/sbin/update-ca-certificates.8
blob: c60eab14cde9b8db3af91d0f9cf95941590b710f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
.\"                                      Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH UPDATE-CA-CERTIFICATES 8 "20 April 2003"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh        disable hyphenation
.\" .hy        enable hyphenation
.\" .ad l      left justify
.\" .ad b      justify to both left and right margins
.\" .nf        disable filling
.\" .fi        enable filling
.\" .br        insert line break
.\" .sp <n>    insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
update-ca-certificates \- update /etc/ssl/certs and ca-certificates.crt
.SH SYNOPSIS
.B update-ca-certificates
.RI [ options ]
.SH DESCRIPTION
This manual page documents briefly the
.B update-ca-certificates
command.
.PP
\fBupdate-ca-certificates\fP is a program that updates the directory
/etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt,
a concatenated single-file list of certificates.
.PP
It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
a CA certificate under /usr/share/ca-certificates that should be trusted.
Lines that begin with "#" are comment lines and thus ignored.
Lines that begin with "!" are deselected, causing the deactivation of the CA
certificate in question. Certificates must have a .crt extension in order to
be included by update-ca-certificates.
.PP
Furthermore all certificates with a .crt extension found below
/usr/local/share/ca-certificates are also included as implicitly trusted.
.PP
Before terminating, \fBupdate-ca-certificates\fP invokes
\fBrun-parts\fP on /etc/ca-certificates/update.d and calls each hook with
a list of certificates: those added are prefixed with a +, those removed are
prefixed with a -.
.SH OPTIONS
A summary of options is included below.
.TP
.B \-h, \-\-help
Show summary of options.
.TP
.B \-v, \-\-verbose
Be verbose. Output \fBopenssl rehash\fP.
.TP
.B \-f, \-\-fresh
Fresh updates.  Remove symlinks in /etc/ssl/certs directory.
.SH FILES
.TP
.I /etc/ca-certificates.conf
A configuration file.
.TP
.I /etc/ssl/certs/ca-certificates.crt
A single-file version of CA certificates.  This holds
all CA certificates that you activated in /etc/ca-certificates.conf.
.TP
.I /usr/share/ca-certificates
Directory of CA certificates.
.TP
.I /usr/local/share/ca-certificates
Directory of local CA certificates (with .crt extension).
.SH SEE ALSO
.BR openssl (1)
.SH AUTHOR
This manual page was written by Fumitoshi UKAI <ukai@debian.or.jp>,
for the Debian project (but may be used by others).