From f2beacb7c59b9c4b41b00da993c747fd814882a8 Mon Sep 17 00:00:00 2001
From: Stef Walter
Date: Thu, 29 Aug 2013 11:46:08 +0200
Subject: trust: Document the new command line trust tool
---
doc/manual/p11-kit.xml | 145 +++---------------------------------------------
1 file changed, 7 insertions(+), 138 deletions(-)
(limited to 'doc/manual/p11-kit.xml')
diff --git a/doc/manual/p11-kit.xml b/doc/manual/p11-kit.xml
index 325f5db..bc618f9 100644
--- a/doc/manual/p11-kit.xml
+++ b/doc/manual/p11-kit.xml
@@ -33,8 +33,7 @@ p11-kit list-modules - p11-kit extract --filter=<what> - --format=<type> /path/to/destination + p11-kit extract ... 
@@ -81,128 +80,8 @@ $ p11-kit list-modules Extract certificates from configured PKCS#11 modules. - -$ p11-kit extract --format=x509-directory --filter=ca-anchors /path/to/directory - - - You can specify the following options to control what to extract. - The and arguments - should be specified. By default this command will not overwrite the - destination file or directory. - - - - - Add identifying comments to PEM bundle output files - before each certificate. - - - - - Specifies what certificates to extract. You can specify the following values: - - - - Certificate anchors (default) - - - - Anchors and blacklist - - - - Blacklisted certificates - - - - All certificates - - - - A PKCS#11 URI - - - - - If an output format is chosen that cannot support type what has been - specified by the filter, a message will be printed. - - None of the available formats support storage of blacklist entries - that do not contain a full certificate. Thus any certificates blacklisted by - their issuer and serial number alone, are not included in the extracted - blacklist. - - - - - The format of the destination file or directory. - You can specify one of the following values: - - - - DER X.509 certificate file - - - - directory of X.509 certificates - - - - File containing one or more certificate PEM blocks - - - - Directory PEM files each containing one certifiacte - - - - OpenSSL specific PEM bundle of certificates - - - - Directory of OpenSSL specific PEM files - - - - Java keystore 'cacerts' certificate bundle - - - - - - - Overwrite output file or directory. - - - - Limit to certificates usable for the given purpose - You can specify one of the following values: - - - - For authenticating servers - - - - For authenticating clients - - - - For email protection - - - - For authenticated signed code - - - - An arbitrary purpose OID - - - - - - + See trust1 + for more information 
@@ -210,21 +89,11 @@ $ p11-kit extract --format=x509-directory --filter=ca-anchors /path/to/directory Extract standard trust information files. - -$ p11-kit extract-trust - - - OpenSSL, GnuTLS and Java cannot currently read trust information - directly from the trust policy module. This command extracts trust - information such as certificate anchors for use by these libraries. - - What this command does, and where it extracts the files is - distribution or site specific. Packagers or administrators are expected - customize this command. - + See trust1 + for more information - + Bugs Please send bug reports to either the distribution bug tracker @@ -233,7 +102,7 @@ $ p11-kit extract-trust - + See also pkcs11.conf5 -- cgit v1.1