Changes in postlfs/security/make-ca.xml [31dc50d:9873d1ea]
postlfs/security/make-ca.xml
r31dc50d r9873d1ea 11 11 12 12 <!ENTITY make-ca-download "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz"> 13 <!ENTITY make-ca-size " 30KB">14 <!ENTITY make-ca-md5sum " 957c39206ba0e9139807c5a47535747f">13 <!ENTITY make-ca-size "28.5 KB"> 14 <!ENTITY make-ca-md5sum "e0356f5ae5623f227a3f69b5e8848ec6"> 15 15 ]> 16 16 … … 19 19 20 20 <sect1info> 21 <othername>$LastChangedBy$</othername> 21 22 <date>$Date$</date> 22 23 </sect1info> … … 52 53 </para> 53 54 54 &lfs1 10a_checked;55 &lfs10_checked; 55 56 56 57 <bridgehead renderas="sect3">Package Information</bridgehead> … … 221 222 <para> 222 223 The <filename class="directory">/etc/ssl/local</filename> directory 223 is available to add additional CA certificates to the system trust store. 224 This directory is also used to store certificates that were added to or 225 modified in the system trust store by <xref linkend="p11-kit"/> so that 226 trust values are maintained across upgrades. Files in this directory must 227 be in the <application>OpenSSL</application> trusted certificate format. 228 Certificates imported using the <command>trust</command> utility from 229 <xref linkend="p11-kit"/> will utilize the x509 Extended Key Usage values 230 to assign default trust values for the system anchors. 231 </para> 232 233 <para>If you need to override trust values, or otherwise need to create 234 an <application>OpenSSL</application> trusted certificate manually 235 from a regular PEM encoded file, you need to add trust arguments to the 224 is available to add additional CA certificates to the system. For 225 instance, you might need to add an organization or government CA 226 certificate. Files in this directory must be in the 227 <application>OpenSSL</application> trusted certificate format. 
To 228 create an <application>OpenSSL</application> trusted certificate from 229 a regular PEM encoded file, you need to add trust arguments to the 236 230 <command>openssl</command> command, and create a new certificate. For 237 231 example, using the <ulink url="http://www.cacert.org/">CAcert</ulink> … … 250 244 -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \ 251 245 > /etc/ssl/local/CAcert_Class_3_root.pem && 252 /usr/sbin/make-ca -r </userinput></screen>246 /usr/sbin/make-ca -r -f</userinput></screen> 253 247 254 248 <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead> … … 272 266 -addreject codeSigning \ 273 267 > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem && 274 /usr/sbin/make-ca -r </userinput></screen>268 /usr/sbin/make-ca -r -f</userinput></screen> 275 269 276 270 </sect2> … … 301 295 is a shell script that adapts a current version of 302 296 <filename>certdata.txt</filename>, and prepares it for use 303 as the system trust store 297 as the system trust store. 304 298 </para> 305 299 <indexterm zone="make-ca make-ca"> … … 311 305 312 306 </sect2> 313 314 307 </sect1>
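Review bot: In the entity hunk at new lines 13-14, make-ca-size and make-ca-md5sum both change while the make-ca-download line above them is unchanged and builds its file name from &make-ca-version;, which is not among the visible lines. Please confirm the version entity is updated in this same changeset, otherwise the page publishes a checksum that does not match the tarball it links to. Because this package installs the system trust anchors, note also that an MD5 value only guards against a corrupted download; consider documenting a stronger digest as well if the book's package template has room for one.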
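Review bot: The rewritten /etc/ssl/local paragraph (new lines 224-229) drops two statements from the removed text without replacement: that the directory also stores certificates added to or modified in the trust store through p11-kit so that trust values are maintained across upgrades, and that certificates imported with the trust utility take their default trust from the x509 Extended Key Usage values. If that behaviour still applies to the version documented here, keep those sentences; if it does not, say so in the commit message so readers stop relying on it. Minor wording point in the first added sentence: "to add additional CA certificates" can simply be "to add CA certificates".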
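Review bot: Both command hunks change "/usr/sbin/make-ca -r" to "/usr/sbin/make-ca -r -f" (new lines 246 and 268), but nothing in the visible text says what -f does or why a rebuild after placing a file in /etc/ssl/local now needs it. Add a sentence before each screen block, or one note covering both, that states the flag's effect. In the first block the example grants serverAuth, emailProtection and codeSigning to the added CA in a single step; since the paragraph above now suggests adding organization or government CAs, it is worth telling readers to pass only the -addtrust purposes they actually need.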