.. _mozilla_projects_nss_tools_vfychain:

NSS tools : vfychain
====================

.. container::

   | Name
   |    vfychain
   | Synopsis
   |    vfychain [options] [revocation options] certfile [[options] certfile] ...
   | Description
   |    The verification tool, vfychain, verifies certificate chains. modutil can
   |    add and delete PKCS #11 modules, change passwords on security databases,
   |    set defaults, list module contents, enable or disable slots, enable or
   |    disable FIPS 140-2 compliance, and assign default providers for
   |    cryptographic operations. This tool can also create certificate, key, and
   |    module security database files.
   |    The tasks associated with security module database management are part of
   |    a process that typically also involves managing key databases and
   |    certificate databases.
   | Options
   |    -a
   |       The following certfile is base64 encoded
   |    -b YYMMDDHHMMZ
   |       Validate date (default: now)
   |    -d directory
   |       Database directory
   |    -f
   |       Enable cert fetching from AIA URL
   |    -o oid
   |       Set policy OID for cert validation (format: OID.1.2.3)
   |    -p
   |       Use PKIX Library to validate certificate by calling:
   |       \* CERT_VerifyCertificate if specified once,
   |       \* CERT_PKIXVerifyCert if specified twice and more.
   |    -r
   |       Following certfile is raw binary DER (default)
   |    -t
   |       Following cert is explicitly trusted (overrides db trust)
   |    -u usage
   |       0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email
   |       signer, 5=Email recipient, 6=Object signer,
   |       9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
   |    -v
   |       Verbose mode. Prints root cert subject (double the argument for
   |       whole root cert info)
   |    -w password
   |       Database password
   |    -W pwfile
   |       Password file
   |    Revocation options for the PKIX API (invoked with -pp options) are a
   |    collection of the following flags: [-g type [-h flags] [-m type
   |    [-s flags]] ...] ...
   |    Where:
   |    -g test-type
   |       Sets status checking test type. Possible values are "leaf" or
   |       "chain".
   |    -h test flags
   |       Sets revocation flags for the test type it follows. Possible
   |       flags: "testLocalInfoFirst" and "requireFreshInfo".
   |    -m method type
   |       Sets method type for the test type it follows. Possible types are
   |       "crl" and "ocsp".
   |    -s method flags
   |       Sets revocation flags for the method it follows. Possible types
   |       are "doNotUse", "forbidFetching", "ignoreDefaultSrc",
   |       "requireInfo" and "failIfNoInfo".
   | Additional Resources
   |    For information about NSS and other tools related to NSS (like JSS), check
   |    out the NSS project wiki at
   |    [1]\ `http://www.mozilla.org/projects/security/pki/nss/ <https://www.mozilla.org/projects/security/pki/nss/>`__.
   |    The NSS site relates directly to NSS code changes and releases.
   |    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto
   |    IRC: Freenode at #dogtag-pki
   | Authors
   |    The NSS tools were written and maintained by developers with Netscape, Red
   |    Hat, and Sun.
   |    Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey
   |    <dlackey@redhat.com>.
   | Copyright
   |    (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2.
   | References
   |    Visible links
   |       1. `http://www.mozilla.org/projects/security/pki/nss/ <https://www.mozilla.org/projects/security/pki/nss/>`__
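The revocation options nest in a fixed order (-g, then -h, then -m, then -s) and only apply with -pp, so a small wrapper that checks each value against the lists above catches typos before the tool runs. This is an added example, not code from the NSS project; the function names, the ``DRY_RUN`` variable, the ``./nssdb`` directory and the certificate file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not NSS project code): validate values against the lists
# documented on this page, then build a vfychain -pp command line.

# in_set VALUE ALLOWED... : succeed if VALUE equals one of ALLOWED.
in_set() {
    needle=$1; shift
    for candidate in "$@"; do
        [ "$needle" = "$candidate" ] && return 0
    done
    return 1
}

# vfychain_pkix USAGE TEST_TYPE TEST_FLAG METHOD METHOD_FLAG DBDIR CERTFILE...
# Certfiles are assumed to be base64 encoded, so each one is preceded by -a.
# With DRY_RUN=1 the command is printed instead of executed.
vfychain_pkix() {
    [ "$#" -ge 7 ] || { echo "need 6 settings and at least one certfile" >&2; return 2; }
    vp_usage=$1 vp_test=$2 vp_tflag=$3 vp_method=$4 vp_mflag=$5 vp_db=$6
    shift 6
    in_set "$vp_usage" 0 1 2 3 4 5 6 9 10 11 ||
        { echo "unknown usage: $vp_usage" >&2; return 2; }
    in_set "$vp_test" leaf chain ||
        { echo "unknown test type: $vp_test" >&2; return 2; }
    in_set "$vp_tflag" testLocalInfoFirst requireFreshInfo ||
        { echo "unknown test flag: $vp_tflag" >&2; return 2; }
    in_set "$vp_method" crl ocsp ||
        { echo "unknown method type: $vp_method" >&2; return 2; }
    in_set "$vp_mflag" doNotUse forbidFetching ignoreDefaultSrc requireInfo failIfNoInfo ||
        { echo "unknown method flag: $vp_mflag" >&2; return 2; }

    # Append "-a CERTFILE" for every certfile, then drop the bare names.
    vp_n=$#
    for vp_cert in "$@"; do set -- "$@" -a "$vp_cert"; done
    shift "$vp_n"

    # Order follows the synopsis: options, revocation options, certfiles.
    # -pp (-p given twice) selects CERT_PKIXVerifyCert, which the revocation
    # options apply to.
    set -- vfychain -pp -d "$vp_db" -u "$vp_usage" \
        -g "$vp_test" -h "$vp_tflag" -m "$vp_method" -s "$vp_mflag" "$@"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Constructed sample: SSL server usage (1), OCSP status check on the leaf cert.
DRY_RUN=1 vfychain_pkix 1 leaf requireFreshInfo ocsp requireInfo \
    ./nssdb server.pem intermediate.pem
```

Without ``DRY_RUN=1`` the function executes ``vfychain`` with the assembled arguments and returns its exit status.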