'\" t
.\"     Title: VFYCHAIN
.\"    Author: [see the "Authors" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 19 May 2021
.\"    Manual: NSS Security Tools
.\"    Source: nss-tools
.\"  Language: English
.\"
.TH "VFYCHAIN" "1" "19 May 2021" "nss-tools" "NSS Security Tools"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
vfychain \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&.
.SH "SYNOPSIS"
.HP \w'\fBvfychain\fR\ 'u
\fBvfychain\fR
.SH "STATUS"
.PP
This documentation is still work in progress\&. Please contribute to the initial review in
\m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
.SH "DESCRIPTION"
.PP
The verification tool,
\fBvfychain\fR, verifies certificate chains\&.
\fBmodutil\fR
can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.
.PP
The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.
.SH "OPTIONS"
.PP
\fB\-a\fR
.RS 4
The following certfile is base64 encoded
.RE
.PP
\fB\-b \fR \fIYYMMDDHHMMZ\fR
.RS 4
Validate date (default: now)
.RE
.PP
\fB\-d \fR \fIdirectory\fR
.RS 4
Database directory
.RE
.PP
\fB\-f \fR
.RS 4
Enable cert fetching from AIA URL
.RE
.PP
\fB\-o \fR \fIoid\fR
.RS 4
Set policy OID for cert validation (Format OID\&.1\&.2\&.3)
.RE
.PP
\fB\-p \fR
.RS 4
Use PKIX Library to validate certificate by calling:
.sp
* CERT_VerifyCertificate if specified once,
.sp
* CERT_PKIXVerifyCert if specified twice and more\&.
.RE
.PP
\fB\-r \fR
.RS 4
Following certfile is raw binary DER (default)
.RE
.PP
\fB\-t\fR
.RS 4
Following cert is explicitly trusted (overrides db trust)
.RE
.PP
\fB\-u \fR \fIusage\fR
.RS 4
0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
.RE
.PP
\fB\-T \fR
.RS 4
Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.)
.RE
.PP
\fB\-v \fR
.RS 4
Verbose mode\&. Prints root cert subject (double the argument for whole root cert info)
.RE
.PP
\fB\-w \fR \fIpassword\fR
.RS 4
Database password
.RE
.PP
\fB\-W \fR \fIpwfile\fR
.RS 4
Password file
.RE
.PP
.RS 4
Revocation options for the PKIX API (invoked with \-pp options) are a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&.
.sp
Where:
.RE
.PP
\fB\-g \fR \fItest type\fR
.RS 4
Sets status checking test type\&. Possible values are "leaf" or "chain"\&.
.RE
.PP
\fB\-h \fR \fItest flags\fR
.RS 4
Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&.
.RE
.PP
\fB\-m \fR \fImethod type\fR
.RS 4
Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&.
.RE
.PP
\fB\-s \fR \fImethod flags\fR
.RS 4
Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&.
.RE
.SH "ADDITIONAL RESOURCES"
.PP
For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
\m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
.PP
Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
.PP
IRC: Freenode at #dogtag\-pki
.SH "AUTHORS"
.PP
The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
.PP
Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
.SH "LICENSE"
.PP
Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
.SH "NOTES"
.IP " 1." 4
Mozilla NSS bug 836477
.RS 4
\%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
.RE
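.SH "EXAMPLES"
.PP
A pre\-flight check for the revocation option grammar given under OPTIONS, added here as an example and not part of NSS or written by its authors\&. The function name check_revocation_args is hypothetical; it assumes one flag name per \-h or \-s argument and options passed as separate words (\-p \-p or \-pp)\&.
.sp
.nf
```sh
#!/bin/sh
# Added example (not NSS code): lint the revocation options of a planned
# vfychain command line against the grammar in the man page:
#   [-g type [-h flags] [-m type [-s flags]] ...] ...
# Assumptions: one flag name per -h/-s argument; options are passed as
# separate words (-p -p or -pp), not bundled with other letters.
check_revocation_args() {
    pkix=0; have_g=0; have_m=0
    while [ $# -gt 0 ]; do
        opt=$1
        case $opt in
            -p)  pkix=$((pkix + 1)) ;;
            -pp) pkix=$((pkix + 2)) ;;
            -b|-d|-o|-u|-w|-W)      # skip the value of options that take one
                [ $# -ge 2 ] && shift ;;
            -g|-h|-m|-s)
                [ $# -ge 2 ] || { echo "$opt needs a value" >&2; return 1; }
                val=$2; shift
                case $opt$val in
                    -gleaf|-gchain)     # a new test type starts a new group
                        have_g=1; have_m=0 ;;
                    -htestLocalInfoFirst|-hrequireFreshInfo)
                        [ $have_g -eq 1 ] || { echo "-h must follow -g" >&2; return 1; } ;;
                    -mcrl|-mocsp)
                        [ $have_g -eq 1 ] || { echo "-m must follow -g" >&2; return 1; }
                        have_m=1 ;;
                    -sdoNotUse|-sforbidFetching|-signoreDefaultSrc|-srequireInfo|-sfailIfNoInfo)
                        [ $have_m -eq 1 ] || { echo "-s must follow -m" >&2; return 1; } ;;
                    *)  echo "invalid value for $opt: $val" >&2; return 1 ;;
                esac ;;
        esac
        shift
    done
    # The man page ties revocation options to the PKIX API, selected by -pp.
    if [ $have_g -eq 1 ] && [ $pkix -lt 2 ]; then
        echo "revocation options are only used with -pp" >&2
        return 1
    fi
    return 0
}
```
.fi
.PP
Call it with the same words planned for vfychain; a non\-zero return means the revocation options do not match the documented grammar, for example a single \-p that would leave them unused\&.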