gecko/security/nss/doc/html/vfychain.html
Brian Smith b49af54726 Bug 858231: Upgrade to NSS 3.15 BETA 1 and adjust security/build to work with new NSS directory layout, r=bsmith
--HG--
rename : security/coreconf/AIX.mk => security/nss/coreconf/AIX.mk
rename : security/coreconf/Android.mk => security/nss/coreconf/Android.mk
rename : security/coreconf/BSD_OS.mk => security/nss/coreconf/BSD_OS.mk
rename : security/coreconf/BeOS.mk => security/nss/coreconf/BeOS.mk
rename : security/coreconf/Darwin.mk => security/nss/coreconf/Darwin.mk
rename : security/coreconf/FreeBSD.mk => security/nss/coreconf/FreeBSD.mk
rename : security/coreconf/HP-UX.mk => security/nss/coreconf/HP-UX.mk
rename : security/coreconf/HP-UXA.09.03.mk => security/nss/coreconf/HP-UXA.09.03.mk
rename : security/coreconf/HP-UXA.09.07.mk => security/nss/coreconf/HP-UXA.09.07.mk
rename : security/coreconf/HP-UXA.09.mk => security/nss/coreconf/HP-UXA.09.mk
rename : security/coreconf/HP-UXB.10.01.mk => security/nss/coreconf/HP-UXB.10.01.mk
rename : security/coreconf/HP-UXB.10.10.mk => security/nss/coreconf/HP-UXB.10.10.mk
rename : security/coreconf/HP-UXB.10.20.mk => security/nss/coreconf/HP-UXB.10.20.mk
rename : security/coreconf/HP-UXB.10.30.mk => security/nss/coreconf/HP-UXB.10.30.mk
rename : security/coreconf/HP-UXB.10.mk => security/nss/coreconf/HP-UXB.10.mk
rename : security/coreconf/HP-UXB.11.00.mk => security/nss/coreconf/HP-UXB.11.00.mk
rename : security/coreconf/HP-UXB.11.11.mk => security/nss/coreconf/HP-UXB.11.11.mk
rename : security/coreconf/HP-UXB.11.20.mk => security/nss/coreconf/HP-UXB.11.20.mk
rename : security/coreconf/HP-UXB.11.22.mk => security/nss/coreconf/HP-UXB.11.22.mk
rename : security/coreconf/HP-UXB.11.23.mk => security/nss/coreconf/HP-UXB.11.23.mk
rename : security/coreconf/HP-UXB.11.mk => security/nss/coreconf/HP-UXB.11.mk
rename : security/coreconf/IRIX.mk => security/nss/coreconf/IRIX.mk
rename : security/coreconf/IRIX5.2.mk => security/nss/coreconf/IRIX5.2.mk
rename : security/coreconf/IRIX5.3.mk => security/nss/coreconf/IRIX5.3.mk
rename : security/coreconf/IRIX5.mk => security/nss/coreconf/IRIX5.mk
rename : security/coreconf/IRIX6.2.mk => security/nss/coreconf/IRIX6.2.mk
rename : security/coreconf/IRIX6.3.mk => security/nss/coreconf/IRIX6.3.mk
rename : security/coreconf/IRIX6.5.mk => security/nss/coreconf/IRIX6.5.mk
rename : security/coreconf/IRIX6.mk => security/nss/coreconf/IRIX6.mk
rename : security/coreconf/Linux.mk => security/nss/coreconf/Linux.mk
rename : security/coreconf/Makefile => security/nss/coreconf/Makefile
rename : security/coreconf/NCR3.0.mk => security/nss/coreconf/NCR3.0.mk
rename : security/coreconf/NEC4.2.mk => security/nss/coreconf/NEC4.2.mk
rename : security/coreconf/NetBSD.mk => security/nss/coreconf/NetBSD.mk
rename : security/coreconf/OS2.mk => security/nss/coreconf/OS2.mk
rename : security/coreconf/OSF1.mk => security/nss/coreconf/OSF1.mk
rename : security/coreconf/OSF1V3.0.mk => security/nss/coreconf/OSF1V2.0.mk
rename : security/coreconf/OSF1V3.0.mk => security/nss/coreconf/OSF1V3.0.mk
rename : security/coreconf/OSF1V3.2.mk => security/nss/coreconf/OSF1V3.2.mk
rename : security/coreconf/OSF1V4.0.mk => security/nss/coreconf/OSF1V4.0.mk
rename : security/coreconf/OSF1V4.0B.mk => security/nss/coreconf/OSF1V4.0B.mk
rename : security/coreconf/OSF1V4.0D.mk => security/nss/coreconf/OSF1V4.0D.mk
rename : security/coreconf/OSF1V5.0.mk => security/nss/coreconf/OSF1V5.0.mk
rename : security/coreconf/OSF1V5.1.mk => security/nss/coreconf/OSF1V5.1.mk
rename : security/coreconf/OpenBSD.mk => security/nss/coreconf/OpenBSD.mk
rename : security/coreconf/OpenUNIX.mk => security/nss/coreconf/OpenUNIX.mk
rename : security/coreconf/QNX.mk => security/nss/coreconf/QNX.mk
rename : security/coreconf/README => security/nss/coreconf/README
rename : security/coreconf/RISCOS.mk => security/nss/coreconf/RISCOS.mk
rename : security/coreconf/ReliantUNIX.mk => security/nss/coreconf/ReliantUNIX.mk
rename : security/coreconf/ReliantUNIX5.4.mk => security/nss/coreconf/ReliantUNIX5.4.mk
rename : security/coreconf/SCOOS5.0.mk => security/nss/coreconf/SCOOS5.0.mk
rename : security/coreconf/SCO_SV3.2.mk => security/nss/coreconf/SCO_SV3.2.mk
rename : security/coreconf/SunOS4.1.3_U1.mk => security/nss/coreconf/SunOS4.1.3_U1.mk
rename : security/coreconf/UNIX.mk => security/nss/coreconf/UNIX.mk
rename : security/coreconf/UNIXWARE2.1.mk => security/nss/coreconf/UNIXWARE2.1.mk
rename : security/coreconf/WIN95.mk => security/nss/coreconf/WIN95.mk
rename : security/coreconf/WINNT.mk => security/nss/coreconf/WINNT.mk
rename : security/coreconf/arch.mk => security/nss/coreconf/arch.mk
rename : security/coreconf/command.mk => security/nss/coreconf/command.mk
rename : security/coreconf/coreconf.pl => security/nss/coreconf/coreconf.pl
rename : security/coreconf/cpdist.pl => security/nss/coreconf/cpdist.pl
rename : security/coreconf/headers.mk => security/nss/coreconf/headers.mk
rename : security/coreconf/import.pl => security/nss/coreconf/import.pl
rename : security/coreconf/jdk.mk => security/nss/coreconf/jdk.mk
rename : security/coreconf/jniregen.pl => security/nss/coreconf/jniregen.pl
rename : security/coreconf/location.mk => security/nss/coreconf/location.mk
rename : security/coreconf/mkdepend/Makefile => security/nss/coreconf/mkdepend/Makefile
rename : security/coreconf/mkdepend/cppsetup.c => security/nss/coreconf/mkdepend/cppsetup.c
rename : security/coreconf/mkdepend/def.h => security/nss/coreconf/mkdepend/def.h
rename : security/coreconf/mkdepend/ifparser.c => security/nss/coreconf/mkdepend/ifparser.c
rename : security/coreconf/mkdepend/ifparser.h => security/nss/coreconf/mkdepend/ifparser.h
rename : security/coreconf/mkdepend/imakemdep.h => security/nss/coreconf/mkdepend/imakemdep.h
rename : security/coreconf/mkdepend/include.c => security/nss/coreconf/mkdepend/include.c
rename : security/coreconf/mkdepend/main.c => security/nss/coreconf/mkdepend/main.c
rename : security/coreconf/mkdepend/mkdepend.man => security/nss/coreconf/mkdepend/mkdepend.man
rename : security/coreconf/mkdepend/parse.c => security/nss/coreconf/mkdepend/parse.c
rename : security/coreconf/mkdepend/pr.c => security/nss/coreconf/mkdepend/pr.c
rename : security/coreconf/module.mk => security/nss/coreconf/module.mk
rename : security/coreconf/nsinstall/Makefile => security/nss/coreconf/nsinstall/Makefile
rename : security/coreconf/nsinstall/nsinstall.c => security/nss/coreconf/nsinstall/nsinstall.c
rename : security/coreconf/nsinstall/pathsub.c => security/nss/coreconf/nsinstall/pathsub.c
rename : security/coreconf/nsinstall/pathsub.h => security/nss/coreconf/nsinstall/pathsub.h
rename : security/coreconf/nsinstall/sunos4.h => security/nss/coreconf/nsinstall/sunos4.h
rename : security/coreconf/outofdate.pl => security/nss/coreconf/outofdate.pl
rename : security/coreconf/prefix.mk => security/nss/coreconf/prefix.mk
rename : security/coreconf/release.pl => security/nss/coreconf/release.pl
rename : security/coreconf/rules.mk => security/nss/coreconf/rules.mk
rename : security/coreconf/ruleset.mk => security/nss/coreconf/ruleset.mk
rename : security/coreconf/source.mk => security/nss/coreconf/source.mk
rename : security/coreconf/suffix.mk => security/nss/coreconf/suffix.mk
rename : security/coreconf/tree.mk => security/nss/coreconf/tree.mk
rename : security/coreconf/version.mk => security/nss/coreconf/version.mk
rename : security/coreconf/version.pl => security/nss/coreconf/version.pl
rename : security/dbm/config/config.mk => security/nss/lib/dbm/config/config.mk
rename : dbm/include/cdefs.h => security/nss/lib/dbm/include/cdefs.h
rename : dbm/include/extern.h => security/nss/lib/dbm/include/extern.h
rename : dbm/include/hash.h => security/nss/lib/dbm/include/hash.h
rename : dbm/include/search.h => security/nss/lib/dbm/include/hsearch.h
rename : dbm/include/mcom_db.h => security/nss/lib/dbm/include/mcom_db.h
rename : dbm/include/mpool.h => security/nss/lib/dbm/include/mpool.h
rename : dbm/include/ncompat.h => security/nss/lib/dbm/include/ncompat.h
rename : dbm/include/page.h => security/nss/lib/dbm/include/page.h
rename : dbm/include/queue.h => security/nss/lib/dbm/include/queue.h
rename : dbm/include/search.h => security/nss/lib/dbm/include/search.h
rename : dbm/include/winfile.h => security/nss/lib/dbm/include/winfile.h
rename : dbm/src/db.c => security/nss/lib/dbm/src/db.c
rename : security/dbm/src/dirent.c => security/nss/lib/dbm/src/dirent.c
rename : security/dbm/src/dirent.h => security/nss/lib/dbm/src/dirent.h
rename : dbm/src/h_bigkey.c => security/nss/lib/dbm/src/h_bigkey.c
rename : dbm/src/h_func.c => security/nss/lib/dbm/src/h_func.c
rename : dbm/src/h_log2.c => security/nss/lib/dbm/src/h_log2.c
rename : dbm/src/h_page.c => security/nss/lib/dbm/src/h_page.c
rename : dbm/src/hash.c => security/nss/lib/dbm/src/hash.c
rename : dbm/src/hash_buf.c => security/nss/lib/dbm/src/hash_buf.c
rename : dbm/src/memmove.c => security/nss/lib/dbm/src/memmove.c
rename : dbm/src/mktemp.c => security/nss/lib/dbm/src/mktemp.c
rename : dbm/src/snprintf.c => security/nss/lib/dbm/src/snprintf.c
rename : dbm/src/strerror.c => security/nss/lib/dbm/src/strerror.c
rename : dbm/tests/dbmtest.pkg => security/nss/lib/dbm/tests/dbmtest.pkg
rename : dbm/tests/lots.c => security/nss/lib/dbm/tests/lots.c
extra : rebase_source : 119dad5f824e8e760182047fd32e2a0d0f944172
extra : amend_source : 98e24aa51f9044d9091a26f013b643925e8f9dcf
2013-04-11 16:46:53 -07:00

29 lines
6.7 KiB
HTML

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>VFYCHAIN</title><meta name="generator" content="DocBook XSL Stylesheets V1.77.1"><link rel="home" href="index.html" title="VFYCHAIN"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">VFYCHAIN</th></tr></table><hr></div><div class="refentry"><a name="vfychain"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>vfychain — vfychain [options] [revocation options] certfile [[options] certfile] ...</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="cmdsynopsis"><p><code class="command">vfychain</code> </p></div></div><div class="refsection"><a name="idp522256"></a><h2>STATUS</h2><p>This documentation is still work in progress. Please contribute to the initial review in <a class="ulink" href="https://bugzilla.mozilla.org/show_bug.cgi?id=836477" target="_top">Mozilla NSS bug 836477</a>
</p></div><div class="refsection"><a name="description"></a><h2>Description</h2><p>The verification Tool, <span class="command"><strong>vfychain</strong></span>, verifies certificate chains. <span class="command"><strong>modutil</strong></span> can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign default providers for cryptographic operations. This tool can also create certificate, key, and module security database files.</p><p>The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases.</p></div><div class="refsection"><a name="options"></a><h2>Options</h2><div class="variablelist"><dl class="variablelist"><dt><span class="term"><code class="option">-a</code></span></dt><dd>the following certfile is base64 encoded</dd><dt><span class="term"><code class="option">-b </code> <em class="replaceable"><code>YYMMDDHHMMZ</code></em></span></dt><dd>Validate date (default: now)</dd><dt><span class="term"><code class="option">-d </code> <em class="replaceable"><code>directory</code></em></span></dt><dd>database directory</dd><dt><span class="term"><code class="option">-f </code> </span></dt><dd>Enable cert fetching from AIA URL</dd><dt><span class="term"><code class="option">-o </code> <em class="replaceable"><code>oid</code></em></span></dt><dd>Set policy OID for cert validation(Format OID.1.2.3)</dd><dt><span class="term"><code class="option">-p </code></span></dt><dd><p class="simpara">Use PKIX Library to validate certificate by calling:</p><p class="simpara"> * CERT_VerifyCertificate if specified once,</p><p class="simpara"> * CERT_PKIXVerifyCert if specified twice and more.</p></dd><dt><span class="term"><code class="option">-r </code></span></dt><dd>Following certfile is raw binary DER (default)</dd><dt><span class="term"><code class="option">-t</code></span></dt><dd>Following cert is explicitly trusted (overrides db trust)</dd><dt><span class="term"><code class="option">-u </code> <em class="replaceable"><code>usage</code></em></span></dt><dd><p>
0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA,
4=Email signer, 5=Email recipient, 6=Object signer,
9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
</p></dd><dt><span class="term"><code class="option">-T </code></span></dt><dd>Trust both explicit trust anchors (-t) and the database. (Without this option, the default is to only trust certificates marked -t, if there are any, or to trust the database if there are certificates marked -t.)
</dd><dt><span class="term"><code class="option">-v </code></span></dt><dd>Verbose mode. Prints root cert subject(double the
argument for whole root cert info)
</dd><dt><span class="term"><code class="option">-w </code> <em class="replaceable"><code>password</code></em></span></dt><dd>Database password</dd><dt><span class="term"><code class="option">-W </code> <em class="replaceable"><code>pwfile</code></em></span></dt><dd>Password file</dd><dt><span class="term"><code class="option"></code></span></dt><dd><p class="simpara">Revocation options for PKIX API (invoked with -pp options) is a
collection of the following flags:
[-g type [-h flags] [-m type [-s flags]] ...] ...</p><p class="simpara">Where: </p></dd><dt><span class="term"><code class="option">-g </code> <em class="replaceable"><code>test-type</code></em></span></dt><dd>Sets status checking test type. Possible values
are "leaf" or "chain"
</dd><dt><span class="term"><code class="option">-g </code> <em class="replaceable"><code>test type</code></em></span></dt><dd>Sets status checking test type. Possible values
are "leaf" or "chain".
</dd><dt><span class="term"><code class="option">-h </code> <em class="replaceable"><code>test flags</code></em></span></dt><dd>Sets revocation flags for the test type it
follows. Possible flags: "testLocalInfoFirst" and
"requireFreshInfo".
</dd><dt><span class="term"><code class="option">-m </code> <em class="replaceable"><code>method type</code></em></span></dt><dd>Sets method type for the test type it follows.
Possible types are "crl" and "ocsp".
</dd><dt><span class="term"><code class="option">-s </code> <em class="replaceable"><code>method flags</code></em></span></dt><dd>Sets revocation flags for the method it follows.
Possible types are "doNotUse", "forbidFetching",
"ignoreDefaultSrc", "requireInfo" and "failIfNoInfo".
</dd></dl></div></div><div class="refsection"><a name="resources"></a><h2>Additional Resources</h2><p>For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at <a class="ulink" href="http://www.mozilla.org/projects/security/pki/nss/" target="_top">http://www.mozilla.org/projects/security/pki/nss/</a>. The NSS site relates directly to NSS code changes and releases.</p><p>Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto</p><p>IRC: Freenode at #dogtag-pki</p></div><div class="refsection"><a name="authors"></a><h2>Authors</h2><p>The NSS tools were written and maintained by developers with Netscape, Red Hat, and Sun.</p><p>
Authors: Elio Maldonado &lt;emaldona@redhat.com&gt;, Deon Lackey &lt;dlackey@redhat.com&gt;.
</p></div><div class="refsection"><a name="license"></a><h2>LICENSE</h2><p>Licensed under the Mozilla Public License, version 1.1,
and/or the GNU General Public License, version 2 or later,
and/or the GNU Lesser General Public License, version 2.1 or later.
</p></div></div><div class="navfooter"><hr></div></body></html>