mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-10-18 17:26:29 +00:00
80 lines
2.7 KiB
Text
80 lines
2.7 KiB
Text
[id='proc_managing-trusted-system-certificates']
|
|
= Managing Trusted System Certificates
|
|
|
|
To list, extract, add, remove, or change trust anchors, use the [command]`trust` command. To see the built-in help for this command, enter it without any arguments or with the [option]`--help` directive:
|
|
|
|
[subs="quotes, macros"]
|
|
----
|
|
$ [command]`trust`
|
|
usage: trust command <args>...
|
|
|
|
Common trust commands are:
|
|
list List trust or certificates
|
|
extract Extract certificates and trust
|
|
extract-compat Extract trust compatibility bundles
|
|
anchor Add, remove, change trust anchors
|
|
dump Dump trust objects in internal format
|
|
|
|
See 'trust <command> --help' for more information
|
|
----
|
|
|
|
To list all system trust anchors and certificates, use the [command]`trust list` command:
|
|
|
|
[subs="quotes, macros"]
|
|
----
|
|
$ [command]`trust list`
|
|
pkcs11:id=%d2%87%b4%e3%df%37%27%93%55%f6%56%ea%81%e5%36%cc%8c%1e%3f%bd;type=cert
|
|
type: certificate
|
|
label: ACCVRAIZ1
|
|
trust: anchor
|
|
category: authority
|
|
|
|
pkcs11:id=%a6%b3%e1%2b%2b%49%b6%d7%73%a1%aa%94%f5%01%e7%73%65%4c%ac%50;type=cert
|
|
type: certificate
|
|
label: ACEDICOM Root
|
|
trust: anchor
|
|
category: authority
|
|
...
|
|
[output has been truncated]
|
|
----
|
|
|
|
|
|
|
|
To store a trust anchor into the system-wide trust store, use the [command]`trust anchor` sub-command and specify a _path.to_ a certificate, for example:
|
|
|
|
[subs="macros"]
|
|
----
|
|
# trust anchor pass:quotes[_path.to/certificate.crt_]
|
|
----
|
|
|
|
To remove a certificate, use either a _path.to_ a certificate or an ID of a certificate:
|
|
|
|
[subs="macros"]
|
|
----
|
|
# trust anchor --remove pass:quotes[_path.to/certificate.crt_]
|
|
# trust anchor --remove pass:quotes[_"pkcs11:id=%AA%BB%CC%DD%EE;type=cert"_]
|
|
----
|
|
|
|
.More information
|
|
|
|
All sub-commands of the [command]`trust` commands offer a detailed built-in help, for example:
|
|
|
|
----
|
|
$ trust list --help
|
|
usage: trust list --filter=<what>
|
|
|
|
--filter=<what> filter of what to export
|
|
ca-anchors certificate anchors
|
|
blacklist blacklisted certificates
|
|
trust-policy anchors and blacklist (default)
|
|
certificates all certificates
|
|
pkcs11:object=xx a PKCS#11 URI
|
|
--purpose=<usage> limit to certificates usable for the purpose
|
|
server-auth for authenticating servers
|
|
client-auth for authenticating clients
|
|
email for email protection
|
|
code-signing for authenticating signed code
|
|
1.2.3.4.5... an arbitrary object id
|
|
-v, --verbose show verbose debug output
|
|
-q, --quiet suppress command output
|
|
----
|