Changes in postlfs/security/make-ca.xml [31dc50d:9873d1ea]

File:

• postlfs/security/make-ca.xml (modified) (8 diffs)

postlfs/security/make-ca.xml

@@ -11 +11 @@
 
   <!ENTITY make-ca-download      "https://github.com/djlucas/make-ca/releases/download/v&make-ca-version;/make-ca-&make-ca-version;.tar.xz">
-  <!ENTITY make-ca-size          "30 KB">
-  <!ENTITY make-ca-md5sum        "957c39206ba0e9139807c5a47535747f">
+  <!ENTITY make-ca-size          "28.5 KB">
+  <!ENTITY make-ca-md5sum        "e0356f5ae5623f227a3f69b5e8848ec6">
 ]>
 
@@ -19 +19 @@
 
   <sect1info>
+    <othername>$LastChangedBy$</othername>
     <date>$Date$</date>
   </sect1info>
@@ -52 +53 @@
     </para>
 
-  &lfs110a_checked;
+  &lfs10_checked;
 
     <bridgehead renderas="sect3">Package Information</bridgehead>
@@ -221 +222 @@
     <para>
       The <filename class="directory">/etc/ssl/local</filename> directory
-      is available to add additional CA certificates to the system trust store.
-      This directory is also used to store certificates that were added to or
-      modified  in the system trust store by <xref linkend="p11-kit"/> so that
-      trust values are maintained across upgrades. Files in this directory must
-      be in the <application>OpenSSL</application> trusted certificate format.
-      Certificates imported using the <command>trust</command> utility from
-      <xref linkend="p11-kit"/> will utilize the x509 Extended Key Usage values
-      to assign default trust values for the system anchors.
-    </para>
-
-    <para>If you need to override trust values, or otherwise need to create
-      an <application>OpenSSL</application> trusted certificate manually
-      from a regular PEM encoded file, you need to add trust arguments to the
+      is available to add additional CA certificates to the system. For
+      instance, you might need to add an organization or government CA
+      certificate. Files in this directory must be in the
+      <application>OpenSSL</application> trusted certificate format. To
+      create an <application>OpenSSL</application> trusted certificate from
+      a regular PEM encoded file, you need to add trust arguments to the
       <command>openssl</command> command, and create a new certificate. For
       example, using the <ulink url="http://www.cacert.org/">CAcert</ulink>
@@ -250 +244 @@
         -addtrust serverAuth -addtrust emailProtection -addtrust codeSigning \
         > /etc/ssl/local/CAcert_Class_3_root.pem &amp;&amp;
-/usr/sbin/make-ca -r</userinput></screen>
+/usr/sbin/make-ca -r -f</userinput></screen>
 
     <bridgehead renderas="sect3">Overriding Mozilla Trust</bridgehead>
@@ -272 +266 @@
              -addreject codeSigning \
        > /etc/ssl/local/Disabled_Makebelieve_CA_Root.pem &amp;&amp;
-/usr/sbin/make-ca -r</userinput></screen>
+/usr/sbin/make-ca -r -f</userinput></screen>
 
   </sect2>
@@ -301 +295 @@
             is a shell script that adapts a current version of
             <filename>certdata.txt</filename>, and prepares it for use
-            as the system trust store
+            as the system trust store.
           </para>
           <indexterm zone="make-ca make-ca">
@@ -311 +305 @@
 
   </sect2>
-
 </sect1>