diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /security/nss/doc/rst/legacy/reference/nss_tools__colon__vfychain/index.rst | |
parent | Initial commit. (diff) | |
download | firefox-esr-upstream.tar.xz firefox-esr-upstream.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'security/nss/doc/rst/legacy/reference/nss_tools__colon__vfychain/index.rst')
-rw-r--r-- | security/nss/doc/rst/legacy/reference/nss_tools__colon__vfychain/index.rst | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/security/nss/doc/rst/legacy/reference/nss_tools__colon__vfychain/index.rst b/security/nss/doc/rst/legacy/reference/nss_tools__colon__vfychain/index.rst new file mode 100644 index 0000000000..e6d92ccd47 --- /dev/null +++ b/security/nss/doc/rst/legacy/reference/nss_tools__colon__vfychain/index.rst @@ -0,0 +1,132 @@ +.. _mozilla_projects_nss_reference_nss_tools_:_vfychain: + +NSS tools : vfychain +==================== + +.. container:: + + Name + + | vfychain — vfychain [options] [revocation options] certfile [[options] + | certfile] ... + + Synopsis + + vfychain + + Description + + | The verification Tool, vfychain, verifies certificate chains. modutil can + | add and delete PKCS #11 modules, change passwords on security databases, + | set defaults, list module contents, enable or disable slots, enable or + | disable FIPS 140-2 compliance, and assign default providers for + | cryptographic operations. This tool can also create certificate, key, and + | module security database files. + + | The tasks associated with security module database management are part of + | a process that typically also involves managing key databases and + | certificate databases. + + Options + + | -a + | the following certfile is base64 encoded + + | -b YYMMDDHHMMZ + | Validate date (default: now) + + | -d directory + | database directory + + | -f + | Enable cert fetching from AIA URL + + | -o oid + | Set policy OID for cert validation(Format OID.1.2.3) + + -p + + Use PKIX Library to validate certificate by calling: + + \* CERT_VerifyCertificate if specified once, + + \* CERT_PKIXVerifyCert if specified twice and more. + + | -r + | Following certfile is raw binary DER (default) + + | -t + | Following cert is explicitly trusted (overrides db trust) + + -u usage + + | 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email + | signer, 5=Email recipient, 6=Object signer, + | 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA + + | -v + | Verbose mode. Prints root cert subject(double the argument for + | whole root cert info) + + | -w password + | Database password + + | -W pwfile + | Password file + + | Revocation options for PKIX API (invoked with -pp options) is a + | collection of the following flags: [-g type [-h flags] [-m type + | [-s flags]] ...] ... + + Where: + + | -g test-type + | Sets status checking test type. Possible values are "leaf" or + | "chain" + + | -g test type + | Sets status checking test type. Possible values are "leaf" or + | "chain". + + | -h test flags + | Sets revocation flags for the test type it follows. Possible + | flags: "testLocalInfoFirst" and "requireFreshInfo". + + | -m method type + | Sets method type for the test type it follows. Possible types are + | "crl" and "ocsp". + + | -s method flags + | Sets revocation flags for the method it follows. Possible types + | are "doNotUse", "forbidFetching", "ignoreDefaultSrc", + | "requireInfo" and "failIfNoInfo". + + Additional Resources + + | For information about NSS and other tools related to NSS (like JSS), check + | out the NSS project wiki at + | [1]\ `http://www.mozilla.org/projects/security/pki/nss/ <https://www.mozilla.org/projects/security/pki/nss/>`__. + The NSS site relates + | directly to NSS code changes and releases. + + Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto + + IRC: Freenode at #dogtag-pki + + Authors + + | The NSS tools were written and maintained by developers with Netscape, Red + | Hat, and Sun. + + | Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey + | <dlackey@redhat.com>. + + Copyright + + (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2. + + References + + | Visible links + | 1. + `http://www.mozilla.org/projects/security/pki/nss/ <https://www.mozilla.org/projects/security/pki/nss/>`__
\ No newline at end of file |