+.TP
+Private key data is stored under
+.I ~/.config/.mono/keypairs/
+
+.SH EXAMPLES
+.TP
+.B mono certmgr.exe -list -c -m Trust
+List all certificates in the machine Trust store. This will display the hash
+value for each certificate. This value can be used to identify uniquely a
+certificate for some operations (e.g. delete). E.g.
+.B Unique Hash: FFA3AC0084DA1673B5A031EBB2156B3E8FBBF6D8
+.TP
+.B mono certmgr.exe -del -c -m Trust FFA3AC0084DA1673B5A031EBB2156B3E8FBBF6D8
+Remove the certificate, represented by the hash value, from the machine Trust
+store. Note that the machine store is normally restricted. The following
+error message will appear if the current user doesn't have the minimum access
+rights to remove the certificate:
+.B Access to the machine 'Trust' certificate store has been denied.
+.TP
+.B certmgr -ssl https://www.verisign.com
+Import certificates from www.verisign.com used for HTTP over SSL. See KNOWN
+ISSUES (MD2) if you're downloading from www.verisign.com.
+.TP
+.B certmgr -ssl ldaps://www.nldap.com:636
+Import the certificates from www.nldap.com used for secure LDAP. This works
+even if we don't know how to speak LDAP because we stop the communication
+shortly after the SSL handshake (which gives us the certificate).
+
+.SH KNOWN ISSUES
+.TP
+.B MD2
+Some Certificate Authorities (CA) old root certificates use the MD2 hash
+algorithm. MD2 is old enough not to be part of the standard .NET framework.
+This makes it impossible to validate a digital signature made with MD2. For
+this reason MD2 is included in the Mono.Security.dll assembly. However the
+machine.config file must be updated so the OID for MD2 is known at runtime.
+
+To correct this insert the following XML snippet inside the <configuration>
+element of your machine.config file.
+ <mscorlib>
+ <cryptographySettings>
+ <cryptoNameMapping>
+ <cryptoClasses>
+ <cryptoClass monoMD2="Mono.Security.Cryptography.MD2Managed, Mono.Security, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756" />
+ </cryptoClasses>
+ <nameEntry name="MD2" class="monoMD2" />
+ </cryptoNameMapping>
+ <oidMap>
+ <oidEntry OID="1.2.840.113549.2.2" name="MD2" />
+ </oidMap>
+ </cryptographySettings>
+ </mscorlib>
+