2 .\" certmgr manual page.
3 .\" Copyright 2004 Novell
5 .\" Sebastien Pouliot <sebastien@ximian.com>
9 certmgr \- Mono Certificate Manager (CLI version)
12 .B certmgr [action] [object type] [options] store [filename]
14 .B certmgr -ssl [options] url
16 This tool allow to add, remove or extract certificates, certificate revocation
17 lists (CRL) or certificate trust lists (CTL) to/from a certificate store.
18 Certificate stores are used to build and validate certificate chains for
19 Authenticode(r) code signing validation and SSL server certificates.
23 Add a certificate, CRL or CTL to specified store.
26 Remove a certificate, CRL or CTL from specified store.
29 Copy a certificate, CRL or CTL from a store to a file.
32 Download and add the certificates from a SSL session. You'll be asked to
33 confirm the addition of every certificate received from the server. Note
34 that SSL/TLS protocols do not requires a server to send the root certificate.
35 This action assume an certificate (-c) object type and will import the
36 certificates in appropriate stores (i.e. server certificate in the
37 OtherPeople store, the root certificate in the Trust store, any other
38 intermediate certificates in the IntermediateCA store).
42 .I "-c", "-cert", "-certificate"
43 Add, Delete or Put certificates. That is the specified file must/will contains
44 X.509 certificates in DER binary encoding.
47 Add, Delete or Put certificate revocation lists (CRL). That is the specified
48 file must/will contains X.509 CRL in DER binary encoding.
51 Add, Delete or Put certificate trust lists (CRL). UNSUPPORTED.
56 Use the machine's certificate stores (instead of the default user's stores).
59 More details displayed on the console.
61 .I "-help", "-h", "-?", "/?"
62 Display help about this tool.
65 .B WARNING: This details the current behavior of Mono and could change between releases.
66 The only safe way to interact with certificate stores is to use the certmgr
67 tool. The current releases of Mono keeps all the user certificate stores in
68 separates directories under
69 .I ~/.config/.mono/certs/
71 For example the trusted root certificates for a user would be kept under
72 .I ~/.config/.mono/certs/Trust/
74 Certificates files are kept in DER (binary) format (extension .cer).
76 The filenames either starts with
80 (subject key identifier).
82 The rest of the filename is the base64-encoded value (tbp or ski).
86 .B certmgr -ssl https://www.verisign.com
87 Import certificates from www.verisign.com used for HTTP over SSL. See KNOWN
88 ISSUES (MD2) if you're downloading from www.verisign.com.
90 .B certmgr -ssl ldaps://www.nldap.com:636
91 Import the certificates from www.nldap.com used for secure LDAP. This works
92 even if we don't know how to speak LDAP because we stop the communication
93 shortly after the SSL handshake (which gives us the certificate).
98 Some Certificate Authorities (CA) old root certificates use the MD2 hash
99 algorithm. MD2 is old enough not to be part of the standard .NET framework.
100 This makes it impossible to validate a digital signature made with MD2. For
101 this reason MD2 is included in the Mono.Security.dll assembly. However the
102 machine.config file must be updated so the OID for MD2 is known at runtime.
104 To correct this insert the following XML snippet inside the <configuration>
105 element of your machine.config file.
107 <cryptographySettings>
\r
108 <cryptoNameMapping>
\r
110 <cryptoClass monoMD2="Mono.Security.Cryptography.MD2Managed, Mono.Security, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=0738eb9f132ed756" />
\r
112 <nameEntry name="MD2" class="monoMD2" />
\r
113 </cryptoNameMapping>
\r
115 <oidEntry OID="1.2.840.113549.2.2" name="MD2" />
\r
117 </cryptographySettings>
\r
121 Written by Sebastien Pouliot
123 Copyright (C) 2004 Novell.
125 Visit http://mail.ximian.com/mailman/mono-list for details.
127 Visit: http://www.go-mono.com for details
129 .BR makecert(1), setreg(1)