X-Git-Url: http://wien.tomnetworks.com/gitweb/?a=blobdiff_plain;f=man%2Fcertmgr.1;h=92bfa164b96340f38e80ec070b04222ebeacf264;hb=HEAD;hp=40cb4d200f52c5ac45d664ac0fbfc69e4748ef68;hpb=e970d388d39ac77a78f3387245ae9a556f5ba421;p=mono.git diff --git a/man/certmgr.1 b/man/certmgr.1 old mode 100755 new mode 100644 index 40cb4d200f5..92bfa164b96 --- a/man/certmgr.1 +++ b/man/certmgr.1 @@ -1,8 +1,10 @@ .\" .\" certmgr manual page. -.\" Copyright 2004 Novell +.\" Copyright 2004-2005 Novell +.\" Copyright 2010 Pablo Ruiz .\" Author: .\" Sebastien Pouliot +.\" Pablo Ruiz Garcia .\" .TH Mono "certmgr" .SH NAME 
@@ -13,17 +15,47 @@ certmgr \- Mono Certificate Manager (CLI version) or .B certmgr -ssl [options] url .SH DESCRIPTION -This tool allow to add, remove or extract certificates, certificate revocation -lists (CRL) or certificate trust lists (CTL) to/from a certificate store. -Certificate stores are used to build and validate certificate chains for -Authenticode(r) code signing validation and SSL server certificates. +This tool allows to list, add, remove or extract certificates, certificate +revocation lists (CRL) or certificate trust lists (CTL) to/from a +certificate store. Certificate stores are used to build and validate +certificate chains for Authenticode(r) code signing validation and SSL +server certificates. +.SH STORES +The +.I store +represents the certificate store to use. It can be one of the +following: +.TP +.I "My" +This is the personal certificate store. +.TP +.I "AddressBook" +This is the store for other people. +.TP +.I "CA" +This is a store for intermediate certificate authorities. +.TP +.I "Trust" +This is for trusted roots. +.TP +.I "Disallowed" +This is for untrusted roots .SH ACTIONS .TP +.I "-list" +List the certificates, CTL or CTL in the specified store. +.TP .I "-add" -Add a certificate, CRL or CTL to specified store. +Add a certificate, CRL or CTL to specified store. If filename is a pkcs12 +or pfx file, and it contains a private key, it will be imported to local key +pair container. .TP .I "-del" -Remove a certificate, CRL or CTL from specified store. +Remove a certificate, CRL or CTL from specified store. You must specify the +object to be removed with it's hash value (and not a filename). This hash +value is shown when doing a +.B -list +on the store. .TP .I "-put" Copy a certificate, CRL or CTL from a store to a file. 
@@ -32,20 +64,25 @@ Copy a certificate, CRL or CTL from a store to a file. Download and add the certificates from a SSL session. You'll be asked to confirm the addition of every certificate received from the server. Note that SSL/TLS protocols do not requires a server to send the root certificate. -This action assume an certificate (-c) object type and will import the +This action assumes a certificate (-c) object type and will import the certificates in appropriate stores (i.e. server certificate in the -OtherPeople store, the root certificate in the Trust store, any other +OtherPeople store, the root certificate in the Trust store and any other intermediate certificates in the IntermediateCA store). +.TP +.I "-importKey" +Allows importing a private key from a pkcs12 file into a local key pair +store. (Useful when you already have the key's corresponding certificate +installed at the specific store.) .SH OBJECT TYPES .TP .I "-c", "-cert", "-certificate" -Add, Delete or Put certificates. That is the specified file must/will contains +Add, Delete or Put certificates. That is the specified file must/will contain X.509 certificates in DER binary encoding. .TP .I "-crl" Add, Delete or Put certificate revocation lists (CRL). That is the specified -file must/will contains X.509 CRL in DER binary encoding. +file must/will contain X.509 CRL in DER binary encoding. .TP .I "-ctl" Add, Delete or Put certificate trust lists (CRL). UNSUPPORTED. @@ -58,6 +95,9 @@ Use the machine's certificate stores (instead of the default user's stores). .I "-v" More details displayed on the console. .TP +.I "-p password" +Use the specified password when accessing a pkcs12 file. +.TP .I "-help", "-h", "-?", "/?" Display help about this tool. 
@@ -73,16 +113,32 @@ For example the trusted root certificates for a user would be kept under .TP Certificates files are kept in DER (binary) format (extension .cer). .TP -The filenames either starts with +The filenames either start with .I tbp (thumbprint) or .I ski (subject key identifier). .TP The rest of the filename is the base64-encoded value (tbp or ski). +.TP +Private key data is stored under +.I ~/.config/.mono/keypairs/ .SH EXAMPLES .TP +.B mono certmgr.exe -list -c -m Trust +List all certificates in the machine Trust store. This will display the hash +value for each certificate. This value can be used to identify uniquely a +certificate for some operations (e.g. delete). E.g. +.B Unique Hash: FFA3AC0084DA1673B5A031EBB2156B3E8FBBF6D8 +.TP +.B mono certmgr.exe -del -c -m Trust FFA3AC0084DA1673B5A031EBB2156B3E8FBBF6D8 +Remove the certificate, represented by the hash value, from the machine Trust +store. Note that the machine store is normally restricted. The following +error message will appear if the current user doesn't have the minimum access +rights to remove the certificate: +.B Access to the machine 'Trust' certificate store has been denied. +.TP .B certmgr -ssl https://www.verisign.com Import certificates from www.verisign.com used for HTTP over SSL. See KNOWN ISSUES (MD2) if you're downloading from www.verisign.com. 
@@ -103,27 +159,29 @@ machine.config file must be updated so the OID for MD2 is known at runtime. To correct this insert the following XML snippet inside the element of your machine.config file. - - - - - - - - - - - - + + + + + + + + + + + + .SH AUTHOR Written by Sebastien Pouliot + +Minor additions by Pablo Ruiz García .SH COPYRIGHT -Copyright (C) 2004 Novell. +Copyright (C) 2004-2005 Novell. .SH MAILING LISTS -Visit http://mail.ximian.com/mailman/mono-list for details. +Visit http://lists.ximian.com/mailman/listinfo/mono-list for details. .SH WEB SITE -Visit: http://www.go-mono.com for details +Visit http://www.mono-project.com for details .SH SEE ALSO .BR makecert(1), setreg(1)
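Review bot: In hunk @@ -13,17 +15,47 @@, the new `-list` entry reads "List the certificates, CTL or CTL in the specified store"; the first "CTL" should be "CRL", matching the `-add` and `-del` entries. In the same hunk, "with it's hash value" under `-del` should be "its", and "This is for untrusted roots" under "Disallowed" lacks its final period. The `-add` text now says a pkcs12 or pfx file with a private key "will be imported to local key pair container"; since adding a file to a store can now also write private key material to disk, that sentence should point to the `-p` option and to the key pair location given under FILES.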
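Review bot: The new `-p password` option in hunk @@ -32,20 +64,25 @@ takes the pkcs12 password as a command-line argument, where it is visible in the process list and kept in shell history; the entry should say so, and should state what happens when `-p` is omitted for a protected file. In the same hunk, the `-ssl` text still names the "OtherPeople" and "IntermediateCA" stores, while the STORES section added earlier in this patch calls them "AddressBook" and "CA"; use one set of names, or say that they are the same stores. The unchanged `-ctl` line reads "certificate trust lists (CRL)" and "do not requires" is still in the `-ssl` paragraph; both could be fixed while the surrounding grammar is being corrected.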
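Review bot: In the FILES addition of hunk @@ -73,16 +113,32 @@, "Private key data is stored under ~/.config/.mono/keypairs/" gives only the per-user path; the text should say where key pairs go when `-m` is used and what permissions the directory is expected to have, since this is where imported private keys end up. In the EXAMPLES additions, the "Unique Hash" value is never defined (which digest, computed over what), while FILES describes filenames built from a base64-encoded thumbprint or subject key identifier; one sentence relating the two would help a reader match a listed hash to a file. The new examples invoke `mono certmgr.exe` while the existing one uses `certmgr`; pick one form, and "identify uniquely a certificate" reads better as "uniquely identify a certificate".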
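Review bot: The COPYRIGHT section in hunk @@ -103,27 +159,29 @@ is changed to "Copyright (C) 2004-2005 Novell." only, while the header comment in the first hunk gains "Copyright 2010 Pablo Ruiz"; the rendered section and the source comment should agree. The AUTHOR addition spells the name "García" where the header comment uses "Garcia"; a non-ASCII character in the roff source renders correctly only if the page's encoding is handled, so use the ASCII spelling or a roff character escape in both places.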