tail head cat sleep
QR code linking to this page

Manual Pages  — CERTCTL

NAME

certctl – tool for managing trusted and blacklist TLS certificates

CONTENTS

SYNOPSIS


certctl [-v] list
certctl [-v] blacklisted
certctl [-nUv] [-D destdir] [-M metalog] rehash
certctl [-nv] blacklist file
certctl [-nv] unblacklist file

DESCRIPTION

The certctl utility manages the list of TLS Certificate Authorities that are trusted by applications that use OpenSSL.

Flags:
-D destdir
  Specify the DESTDIR (overriding values from the environment).
-M metalog
  Specify the path of the METALOG file (default: $DESTDIR/METALOG).
-n
  No-Op mode, do not actually perform any actions.
-v
  be verbose, print details about actions before performing them.
-U
  Unprivileged mode, do not change the ownership of created links. Do record the ownership in the METALOG file.

Primary command functions:
list List all currently trusted certificate authorities.
blacklisted
  List all currently blacklisted certificates.
rehash Rebuild the list of trusted certificate authorities by scanning all directories in TRUSTPATH and all blacklisted certificates in BLACKLISTPATH. A symbolic link to each trusted certificate is placed in CERTDESTDIR and each blacklisted certificate in BLACKLISTDESTDIR.
blacklist Add the specified file to the blacklist.
unblacklist
  Remove the specified file from the blacklist.

ENVIRONMENT

DESTDIR Alternate destination directory to operate on.
TRUSTPATH List of paths to search for trusted certificates. Default: <DESTDIR>/usr/share/certs/trusted <DESTDIR>/usr/local/share/certs <DESTDIR>/usr/local/etc/ssl/certs
BLACKLISTPATH List of paths to search for blacklisted certificates. Default: <DESTDIR>/usr/share/certs/blacklisted <DESTDIR>/usr/local/etc/ssl/blacklisted
CERTDESTDIR Destination directory for symbolic links to trusted certificates. Default: <DESTDIR>/etc/ssl/certs
BLACKLISTDESTDIR
  Destination directory for symbolic links to blacklisted certificates. Default: <DESTDIR>/etc/ssl/blacklisted
EXTENSIONS List of file extensions to read as certificate files. Default: *.pem *.crt *.cer *.crl *.0

SEE ALSO

openssl(1)

HISTORY

certctl first appeared in FreeBSD 12.2

AUTHORS

Allan Jude <Mt allanjude@freebsd.org>

CERTCTL (8) August 20, 2020

tail head cat sleep
QR code linking to this page


Please direct any comments about this manual page service to Ben Bullock. Privacy policy.