crypto_certs(4) [opensolaris man page]
crypto_certs(4) File Formats crypto_certs(4) NAME
crypto_certs - directory for certificate files for Solaris Cryptographic Framework SYNOPSIS
/etc/crypto/certs/CA /etc/crypto/certs/SUNWobjectCA /etc/crypto/certs/* DESCRIPTION
The /etc/crypto/certs directory contains ASN.1 BER or PEM encoded certificate files for use by the Solaris Cryptographic Framework. A default installation contains root anchors and signing certificates. The CA and SUNWobjectCA certificates are the trust anchors for all other certificates. Other certificates contain the certificates used to sign and verify the Solaris user and kernel cryptographic plug-ins Additional signing certificates may be installed by third-party cryptographic providers. They should either be copied to /etc/crypto/certs or included in the package that delivers the provider. Only certificates that are issued by the CA or SUNWobjectCA certificates and include the organization unit "Solaris Cryptographic Frame- work" in their subject distinguished names are accepted by the Solaris Cryptographic Framework. This restriction is in place due to US Export Law on the export of open cryptographic interfaces at the time of shipping this revision of the product. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWcsr | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
elfsign(1), libpkcs11(3LIB), attributes(5) SunOS 5.11 23 Feb 2007 crypto_certs(4)
Check Out this Related Man Page
UPDATE-CA-CERTIFICATES(8) System Manager's Manual UPDATE-CA-CERTIFICATES(8) NAME
update-ca-certificates - update system CA certificates SYNOPSIS
update-ca-certificates [options] DESCRIPTION
update-ca-certificates updates the directory /etc/ssl/certs to hold SSL certificates and generates /etc/ssl/ca-bundle.pem, a concatenated single-file list of certificates. It reads the file /etc/ca-certificates.conf. Each line gives a pathname of a CA certificate under /usr/share/ca-certificates that should be trusted. Lines that begin with "#" are comment lines and thus ignored. Lines that begin with "!" are deselected, causing the deactivation of the CA certificate in question. All certificates are implicitly trusted if no trusted certificates are listed. Furthermore all certificates found below /usr/local/share/ca-certificates are also included as implicitly trusted. After populating /etc/ssl/certs update-ca-certificates invokes custom hooks in /usr/lib/ca-certificates/update.d/*.run and /etc/ca-certifi- cates/update.d/*.run. The command line options used for invoking update-ca-certificates are passed to the hooks as well. OPTIONS
A summary of options is included below. -h, --help Show summary of options. -v, --verbose Be verbose. Output c_rehash. -f, --fresh Fresh updates. Removes symlinks in /etc/ssl/certs directory and re-creates them from scratch. FILES
/etc/ca-certificates.conf A configuration file. /etc/ssl/ca-bundle.pem A single-file version of all CA certificates. Use of this file is deprecated and should only be used as last resort by applications that cannot parse the /etc/ssl/certs directory. /usr/share/ca-certificates Directory of CA certificates. /usr/local/share/ca-certificates Directory of local CA certificates. SEE ALSO
c_rehash(1), AUTHOR
This manual page was written by Fumitoshi UKAI <ukai@debian.or.jp>, for the Debian project and modified by Ludwig Nussel <ludwig.nus- sel@suse.de>. 27 April 2010 UPDATE-CA-CERTIFICATES(8)