index.rst (3521B)
1 .. _mozilla_projects_nss_reference_nss_tools_:_vfychain: 2 3 NSS tools : vfychain 4 ==================== 5 6 .. container:: 7 8 Name 9 10 | vfychain — vfychain [options] [revocation options] certfile [[options] 11 | certfile] ... 12 13 Synopsis 14 15 vfychain 16 17 Description 18 19 | The verification Tool, vfychain, verifies certificate chains. modutil can 20 | add and delete PKCS #11 modules, change passwords on security databases, 21 | set defaults, list module contents, enable or disable slots, enable or 22 | disable FIPS 140-2 compliance, and assign default providers for 23 | cryptographic operations. This tool can also create certificate, key, and 24 | module security database files. 25 26 | The tasks associated with security module database management are part of 27 | a process that typically also involves managing key databases and 28 | certificate databases. 29 30 Options 31 32 | -a 33 | the following certfile is base64 encoded 34 35 | -b YYMMDDHHMMZ 36 | Validate date (default: now) 37 38 | -d directory 39 | database directory 40 41 | -f 42 | Enable cert fetching from AIA URL 43 44 | -o oid 45 | Set policy OID for cert validation(Format OID.1.2.3) 46 47 -p 48 49 Use PKIX Library to validate certificate by calling: 50 51 \* CERT_VerifyCertificate if specified once, 52 53 \* CERT_PKIXVerifyCert if specified twice and more. 54 55 | -r 56 | Following certfile is raw binary DER (default) 57 58 | -t 59 | Following cert is explicitly trusted (overrides db trust) 60 61 -u usage 62 63 | 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email 64 | signer, 5=Email recipient, 6=Object signer, 65 | 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA 66 67 | -v 68 | Verbose mode. Prints root cert subject(double the argument for 69 | whole root cert info) 70 71 | -w password 72 | Database password 73 74 | -W pwfile 75 | Password file 76 77 | Revocation options for PKIX API (invoked with -pp options) is a 78 | collection of the following flags: [-g type [-h flags] [-m type 79 | [-s flags]] ...] ... 80 81 Where: 82 83 | -g test-type 84 | Sets status checking test type. Possible values are "leaf" or 85 | "chain" 86 87 | -g test type 88 | Sets status checking test type. Possible values are "leaf" or 89 | "chain". 90 91 | -h test flags 92 | Sets revocation flags for the test type it follows. Possible 93 | flags: "testLocalInfoFirst" and "requireFreshInfo". 94 95 | -m method type 96 | Sets method type for the test type it follows. Possible types are 97 | "crl" and "ocsp". 98 99 | -s method flags 100 | Sets revocation flags for the method it follows. Possible types 101 | are "doNotUse", "forbidFetching", "ignoreDefaultSrc", 102 | "requireInfo" and "failIfNoInfo". 103 104 Additional Resources 105 106 | For information about NSS and other tools related to NSS (like JSS), check 107 | out the NSS project wiki at 108 | [1]\ `http://www.mozilla.org/projects/security/pki/nss/ <https://www.mozilla.org/projects/security/pki/nss/>`__. 109 The NSS site relates 110 | directly to NSS code changes and releases. 111 112 Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto 113 114 IRC: Freenode at #dogtag-pki 115 116 Authors 117 118 | The NSS tools were written and maintained by developers with Netscape, Red 119 | Hat, and Sun. 120 121 | Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey 122 | <dlackey@redhat.com>. 123 124 Copyright 125 126 (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2. 127 128 References 129 130 | Visible links 131 | 1. 132 `http://www.mozilla.org/projects/security/pki/nss/ <https://www.mozilla.org/projects/security/pki/nss/>`__