man-pages/man8/update-ca-certificates.8.html
2021-03-31 01:06:50 +01:00

132 lines
3.3 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of UPDATE-CA-CERTIFICATES</TITLE>
</HEAD><BODY>
<H1>UPDATE-CA-CERTIFICATES</H1>
Section: Maintenance Commands (8)<BR>Updated: 20 April 2003<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
update-ca-certificates - update /etc/ssl/certs and ca-certificates.crt
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>update-ca-certificates</B>
[<I>options</I>]
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
This manual page documents briefly the
<B>update-ca-certificates</B>
command.
<P>
<B>update-ca-certificates</B> is a program that updates the directory
/etc/ssl/certs to hold SSL certificates and generates ca-certificates.crt,
a concatenated single-file list of certificates.
<P>
It reads the file /etc/ca-certificates.conf. Each line gives a pathname of
a CA certificate under /usr/share/ca-certificates that should be trusted.
Lines that begin with &quot;#&quot; are comment lines and thus ignored.
Lines that begin with &quot;!&quot; are deselected, causing the deactivation of the CA
certificate in question. Certificates must have a .crt extension in order to
be included by update-ca-certificates.
<P>
Furthermore all certificates with a .crt extension found below
/usr/local/share/ca-certificates are also included as implicitly trusted.
<P>
Before terminating, <B>update-ca-certificates</B> invokes
<B>run-parts</B> on /etc/ca-certificates/update.d and calls each hook with
a list of certificates: those added are prefixed with a +, those removed are
prefixed with a -.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>
A summary of options is included below.
<DL COMPACT>
<DT id="1"><B>-h, --help</B>
<DD>
Show summary of options.
<DT id="2"><B>-v, --verbose</B>
<DD>
Be verbose. Output <B>openssl rehash</B>.
<DT id="3"><B>-f, --fresh</B>
<DD>
Fresh updates. Remove symlinks in /etc/ssl/certs directory.
</DL>
<A NAME="lbAF">&nbsp;</A>
<H2>FILES</H2>
<DL COMPACT>
<DT id="4"><I>/etc/ca-certificates.conf</I>
<DD>
A configuration file.
<DT id="5"><I>/etc/ssl/certs/ca-certificates.crt</I>
<DD>
A single-file version of CA certificates. This holds
all CA certificates that you activated in /etc/ca-certificates.conf.
<DT id="6"><I>/usr/share/ca-certificates</I>
<DD>
Directory of CA certificates.
<DT id="7"><I>/usr/local/share/ca-certificates</I>
<DD>
Directory of local CA certificates (with .crt extension).
</DL>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?1+openssl">openssl</A></B>(1)
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHOR</H2>
This manual page was written by Fumitoshi UKAI &lt;<A HREF="mailto:ukai@debian.or.jp">ukai@debian.or.jp</A>&gt;,
for the Debian project (but may be used by others).
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="8"><A HREF="#lbAB">NAME</A><DD>
<DT id="9"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="10"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="11"><A HREF="#lbAE">OPTIONS</A><DD>
<DT id="12"><A HREF="#lbAF">FILES</A><DD>
<DT id="13"><A HREF="#lbAG">SEE ALSO</A><DD>
<DT id="14"><A HREF="#lbAH">AUTHOR</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:18 GMT, March 31, 2021
</BODY>
</HTML>