Unix/Linux Go Back    

CentOS 7.0 - man page for vfychain (centos section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

VFYCHAIN(1)				NSS Security Tools			      VFYCHAIN(1)

       vfychain_ - vfychain [options] [revocation options] certfile [[options] certfile] ...


       This documentation is still work in progress. Please contribute to the initial review in
       Mozilla NSS bug 836477[1]

       The verification Tool, vfychain, verifies certificate chains.  modutil can add and delete
       PKCS #11 modules, change passwords on security databases, set defaults, list module
       contents, enable or disable slots, enable or disable FIPS 140-2 compliance, and assign
       default providers for cryptographic operations. This tool can also create certificate,
       key, and module security database files.

       The tasks associated with security module database management are part of a process that
       typically also involves managing key databases and certificate databases.

	   the following certfile is base64 encoded

       -b  YYMMDDHHMMZ
	   Validate date (default: now)

       -d  directory
	   database directory

	   Enable cert fetching from AIA URL

       -o  oid
	   Set policy OID for cert validation(Format OID.1.2.3)

	   Use PKIX Library to validate certificate by calling:

	   * CERT_VerifyCertificate if specified once,

	   * CERT_PKIXVerifyCert if specified twice and more.

	   Following certfile is raw binary DER (default)

	   Following cert is explicitly trusted (overrides db trust)

       -u  usage
	   0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient,
	   6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA

	   Trust both explicit trust anchors (-t) and the database. (Without this option, the
	   default is to only trust certificates marked -t, if there are any, or to trust the
	   database if there are certificates marked -t.)

	   Verbose mode. Prints root cert subject(double the argument for whole root cert info)

       -w  password
	   Database password

       -W  pwfile
	   Password file

	   Revocation options for PKIX API (invoked with -pp options) is a collection of the
	   following flags: [-g type [-h flags] [-m type [-s flags]] ...] ...


       -g  test-type
	   Sets status checking test type. Possible values are "leaf" or "chain"

       -g  test type
	   Sets status checking test type. Possible values are "leaf" or "chain".

       -h  test flags
	   Sets revocation flags for the test type it follows. Possible flags:
	   "testLocalInfoFirst" and "requireFreshInfo".

       -m  method type
	   Sets method type for the test type it follows. Possible types are "crl" and "ocsp".

       -s  method flags
	   Sets revocation flags for the method it follows. Possible types are "doNotUse",
	   "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo".

       For information about NSS and other tools related to NSS (like JSS), check out the NSS
       project wiki at http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates
       directly to NSS code changes and releases.

       Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

       IRC: Freenode at #dogtag-pki

       The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun,
       Oracle, Mozilla, and Google.

       Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey <dlackey@redhat.com>.

       Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL was not
       distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.

	1. Mozilla NSS bug 836477

nss-tools				 12 November 2013			      VFYCHAIN(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 09:19 AM.