tail head cat sleep
QR code linking to this page
Main index Section 8
Go to:
Options

Manual Pages  — CERTCTL

NAME

certctl – tool for managing trusted and untrusted TLS certificates

CONTENTS

SYNOPSIS


certctl [-v] list
certctl [-v] untrusted
certctl [-nUv] [-D destdir] [-M metalog] rehash
certctl [-nv] untrust file
certctl [-nv] trust file

DESCRIPTION

The certctl utility manages the list of TLS Certificate Authorities that are trusted by applications that use OpenSSL.

Flags:
-D destdir
  Specify the DESTDIR (overriding values from the environment).
-d distbase
  Specify the DISTBASE (overriding values from the environment).
-M metalog
  Specify the path of the METALOG file (default: $DESTDIR/METALOG).
-n
  No-Op mode, do not actually perform any actions.
-v
  Be verbose, print details about actions before performing them.
-U
  Unprivileged mode, do not change the ownership of created links. Do record the ownership in the METALOG file.

Primary command functions:
list List all currently trusted certificate authorities.
untrusted
  List all currently untrusted certificates.
rehash Rebuild the list of trusted certificate authorities by scanning all directories in TRUSTPATH and all untrusted certificates in UNTRUSTPATH. A symbolic link to each trusted certificate is placed in CERTDESTDIR and each untrusted certificate in UNTRUSTDESTDIR.
untrust Add the specified file to the untrusted list.
trust Remove the specified file from the untrusted list.

ENVIRONMENT

DESTDIR Alternate destination directory to operate on.
DISTBASE Additional path component to include when operating on certificate directories.
TRUSTPATH List of paths to search for trusted certificates. Default: <DESTDIR><DISTBASE>/usr/share/certs/trusted <DESTDIR><DISTBASE>/usr/local/share/certs <DESTDIR><DISTBASE>/usr/local/etc/ssl/certs
UNTRUSTPATH List of paths to search for untrusted certificates. Default: <DESTDIR><DISTBASE>/usr/share/certs/untrusted <DESTDIR><DISTBASE>/usr/local/etc/ssl/untrusted <DESTDIR><DISTBASE>/usr/local/etc/ssl/blacklisted
CERTDESTDIR Destination directory for symbolic links to trusted certificates. Default: <DESTDIR><DISTBASE>/etc/ssl/certs
UNTRUSTDESTDIR
  Destination directory for symbolic links to untrusted certificates. Default: <DESTDIR><DISTBASE>/etc/ssl/untrusted
EXTENSIONS List of file extensions to read as certificate files. Default: *.pem *.crt *.cer *.crl *.0

SEE ALSO

openssl(1)

HISTORY

certctl first appeared in FreeBSD 12.2

AUTHORS

Allan Jude <Mt allanjude@freebsd.org>
CERTCTL (8) July 13, 2022
tail head cat sleep
QR code linking to this page
Main index Section 8
Go to:
Options

Please direct any comments about this manual page service to Ben Bullock. Privacy policy.

A typical Unix /bin or /usr/bin directory contains a hundred different kinds of programs, written by dozens of egotistical programmers, each with its own syntax, operating paradigm, rules of use ... strategies for specifying options, and different sets of constraints.
— The Unix Haters' handbook