nss-3.41/nss/doc/nroff/vfychain.1 - manifest_repos/nss - Git at Google

 '\" t
 .\"     Title: VFYCHAIN
 .\"    Author: [see the "Authors" section]
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
 .\"      Date:  5 June 2014
 .\"    Manual: NSS Security Tools
 .\"    Source: nss-tools
 .\"  Language: English
 .\"
 .TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .\" http://bugs.debian.org/507673
 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 .ie \n(.g .ds Aq \(aq
 .el       .ds Aq '
 .\" -----------------------------------------------------------------
 .\" * set default formatting
 .\" -----------------------------------------------------------------
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
 .ad l
 .\" -----------------------------------------------------------------
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
 vfychain_ \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&.
 .SH "SYNOPSIS"
 .HP \w'\fBvfychain\fR\ 'u
 \fBvfychain\fR
 .SH "STATUS"
 .PP
 This documentation is still work in progress\&. Please contribute to the initial review in
 \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
 .SH "DESCRIPTION"
 .PP
 The verification Tool,
 \fBvfychain\fR, verifies certificate chains\&.
 \fBmodutil\fR
 can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.
 .PP
 The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.
 .SH "OPTIONS"
 .PP
 \fB\-a\fR
 .RS 4
 the following certfile is base64 encoded
 .RE
 .PP
 \fB\-b \fR \fIYYMMDDHHMMZ\fR
 .RS 4
 Validate date (default: now)
 .RE
 .PP
 \fB\-d \fR \fIdirectory\fR
 .RS 4
 database directory
 .RE
 .PP
 \fB\-f \fR
 .RS 4
 Enable cert fetching from AIA URL
 .RE
 .PP
 \fB\-o \fR \fIoid\fR
 .RS 4
 Set policy OID for cert validation(Format OID\&.1\&.2\&.3)
 .RE
 .PP
 \fB\-p \fR
 .RS 4
 Use PKIX Library to validate certificate by calling:
 .sp
 * CERT_VerifyCertificate if specified once,
 .sp
 * CERT_PKIXVerifyCert if specified twice and more\&.
 .RE
 .PP
 \fB\-r \fR
 .RS 4
 Following certfile is raw binary DER (default)
 .RE
 .PP
 \fB\-t\fR
 .RS 4
 Following cert is explicitly trusted (overrides db trust)
 .RE
 .PP
 \fB\-u \fR \fIusage\fR
 .RS 4
 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
 .RE
 .PP
 \fB\-T \fR
 .RS 4
 Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.)
 .RE
 .PP
 \fB\-v \fR
 .RS 4
 Verbose mode\&. Prints root cert subject(double the argument for whole root cert info)
 .RE
 .PP
 \fB\-w \fR \fIpassword\fR
 .RS 4
 Database password
 .RE
 .PP
 \fB\-W \fR \fIpwfile\fR
 .RS 4
 Password file
 .RE
 .PP
 .RS 4
 Revocation options for PKIX API (invoked with \-pp options) is a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&.
 .sp
 Where:
 .RE
 .PP
 \fB\-g \fR \fItest\-type\fR
 .RS 4
 Sets status checking test type\&. Possible values are "leaf" or "chain"
 .RE
 .PP
 \fB\-g \fR \fItest type\fR
 .RS 4
 Sets status checking test type\&. Possible values are "leaf" or "chain"\&.
 .RE
 .PP
 \fB\-h \fR \fItest flags\fR
 .RS 4
 Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&.
 .RE
 .PP
 \fB\-m \fR \fImethod type\fR
 .RS 4
 Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&.
 .RE
 .PP
 \fB\-s \fR \fImethod flags\fR
 .RS 4
 Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&.
 .RE
 .SH "ADDITIONAL RESOURCES"
 .PP
 For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
 \m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
 .PP
 Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
 .PP
 IRC: Freenode at #dogtag\-pki
 .SH "AUTHORS"
 .PP
 The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
 .PP
 Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
 .SH "LICENSE"
 .PP
 Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
 .SH "NOTES"
 .IP " 1." 4
 Mozilla NSS bug 836477
 .RS 4
 \%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
 .RE
	'\" t
	.\" Title: VFYCHAIN
	.\" Author: [see the "Authors" section]
	.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
	.\" Date: 5 June 2014
	.\" Manual: NSS Security Tools
	.\" Source: nss-tools
	.\" Language: English
	.\"
	.TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
	.\" -----------------------------------------------------------------
	.\" * Define some portability stuff
	.\" -----------------------------------------------------------------
	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	.\" http://bugs.debian.org/507673
	.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
	.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	.ie \n(.g .ds Aq \(aq
	.el .ds Aq '
	.\" -----------------------------------------------------------------
	.\" * set default formatting
	.\" -----------------------------------------------------------------
	.\" disable hyphenation
	.nh
	.\" disable justification (adjust text to left margin only)
	.ad l
	.\" -----------------------------------------------------------------
	.\" * MAIN CONTENT STARTS HERE *
	.\" -----------------------------------------------------------------
	.SH "NAME"
	vfychain_ \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&.
	.SH "SYNOPSIS"
	.HP \w'\fBvfychain\fR\ 'u
	\fBvfychain\fR
	.SH "STATUS"
	.PP
	This documentation is still work in progress\&. Please contribute to the initial review in
	\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
	.SH "DESCRIPTION"
	.PP
	The verification Tool,
	\fBvfychain\fR, verifies certificate chains\&.
	\fBmodutil\fR
	can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.
	.PP
	The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.
	.SH "OPTIONS"
	.PP
	\fB\-a\fR
	.RS 4
	the following certfile is base64 encoded
	.RE
	.PP
	\fB\-b \fR \fIYYMMDDHHMMZ\fR
	.RS 4
	Validate date (default: now)
	.RE
	.PP
	\fB\-d \fR \fIdirectory\fR
	.RS 4
	database directory
	.RE
	.PP
	\fB\-f \fR
	.RS 4
	Enable cert fetching from AIA URL
	.RE
	.PP
	\fB\-o \fR \fIoid\fR
	.RS 4
	Set policy OID for cert validation(Format OID\&.1\&.2\&.3)
	.RE
	.PP
	\fB\-p \fR
	.RS 4
	Use PKIX Library to validate certificate by calling:
	.sp
	* CERT_VerifyCertificate if specified once,
	.sp
	* CERT_PKIXVerifyCert if specified twice and more\&.
	.RE
	.PP
	\fB\-r \fR
	.RS 4
	Following certfile is raw binary DER (default)
	.RE
	.PP
	\fB\-t\fR
	.RS 4
	Following cert is explicitly trusted (overrides db trust)
	.RE
	.PP
	\fB\-u \fR \fIusage\fR
	.RS 4
	0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
	.RE
	.PP
	\fB\-T \fR
	.RS 4
	Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.)
	.RE
	.PP
	\fB\-v \fR
	.RS 4
	Verbose mode\&. Prints root cert subject(double the argument for whole root cert info)
	.RE
	.PP
	\fB\-w \fR \fIpassword\fR
	.RS 4
	Database password
	.RE
	.PP
	\fB\-W \fR \fIpwfile\fR
	.RS 4
	Password file
	.RE
	.PP
	.RS 4
	Revocation options for PKIX API (invoked with \-pp options) is a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&.
	.sp
	Where:
	.RE
	.PP
	\fB\-g \fR \fItest\-type\fR
	.RS 4
	Sets status checking test type\&. Possible values are "leaf" or "chain"
	.RE
	.PP
	\fB\-g \fR \fItest type\fR
	.RS 4
	Sets status checking test type\&. Possible values are "leaf" or "chain"\&.
	.RE
	.PP
	\fB\-h \fR \fItest flags\fR
	.RS 4
	Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&.
	.RE
	.PP
	\fB\-m \fR \fImethod type\fR
	.RS 4
	Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&.
	.RE
	.PP
	\fB\-s \fR \fImethod flags\fR
	.RS 4
	Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&.
	.RE
	.SH "ADDITIONAL RESOURCES"
	.PP
	For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
	\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
	.PP
	Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
	.PP
	IRC: Freenode at #dogtag\-pki
	.SH "AUTHORS"
	.PP
	The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
	.PP
	Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
	.SH "LICENSE"
	.PP
	Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
	.SH "NOTES"
	.IP " 1." 4
	Mozilla NSS bug 836477
	.RS 4
	\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
	.RE