tail head cat sleep
QR code linking to this page

Manual Pages  — CERTCTL


certctl – tool for managing trusted and blacklist TLS certificates



certctl [-v] list
certctl [-v] blacklisted
certctl [-nUv] [-D destdir] [-M metalog] rehash
certctl [-nv] blacklist file
certctl [-nv] unblacklist file


The certctl utility manages the list of TLS Certificate Authorities that are trusted by applications that use OpenSSL.

-D destdir
  Specify the DESTDIR (overriding values from the environment).
-M metalog
  Specify the path of the METALOG file (default: $DESTDIR/METALOG).
  No-Op mode, do not actually perform any actions.
  be verbose, print details about actions before performing them.
  Unprivileged mode, do not change the ownership of created links. Do record the ownership in the METALOG file.

Primary command functions:
list List all currently trusted certificate authorities.
  List all currently blacklisted certificates.
rehash Rebuild the list of trusted certificate authorities by scanning all directories in TRUSTPATH and all blacklisted certificates in BLACKLISTPATH. A symbolic link to each trusted certificate is placed in CERTDESTDIR and each blacklisted certificate in BLACKLISTDESTDIR.
blacklist Add the specified file to the blacklist.
  Remove the specified file from the blacklist.


DESTDIR Alternate destination directory to operate on.
TRUSTPATH List of paths to search for trusted certificates. Default: <DESTDIR>/usr/share/certs/trusted <DESTDIR>/usr/local/share/certs <DESTDIR>/usr/local/etc/ssl/certs
BLACKLISTPATH List of paths to search for blacklisted certificates. Default: <DESTDIR>/usr/share/certs/blacklisted <DESTDIR>/usr/local/etc/ssl/blacklisted
CERTDESTDIR Destination directory for symbolic links to trusted certificates. Default: <DESTDIR>/etc/ssl/certs
  Destination directory for symbolic links to blacklisted certificates. Default: <DESTDIR>/etc/ssl/blacklisted
EXTENSIONS List of file extensions to read as certificate files. Default: *.pem *.crt *.cer *.crl *.0




certctl first appeared in FreeBSD 12.2


Allan Jude <Mt allanjude@freebsd.org>

CERTCTL (8) August 20, 2020

tail head cat sleep
QR code linking to this page

Please direct any comments about this manual page service to Ben Bullock. Privacy policy.

… one of the main causes of the fall of the Roman Empire was that, lacking zero, they had no way to indicate successful termination of their C programs.
— Robert Firth