-
Notifications
You must be signed in to change notification settings - Fork 21
/
update-ca-certificates.8
68 lines (68 loc) · 2.3 KB
/
update-ca-certificates.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
.\" Hey, EMACS: -*- nroff -*-
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH UPDATE-CA-CERTIFICATES 8 "27 April 2010"
.\" Please adjust this date whenever revising the manpage.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for manpage-specific macros, see man(7)
.SH NAME
update-ca-certificates \- update system CA certificates
.SH SYNOPSIS
.B update-ca-certificates
.RI [ options ]
.SH DESCRIPTION
\fBupdate-ca-certificates\fP is intended to keep the certificate stores of
various components in sync with the system CA certificates.
.PP
The canonical source of CA certificates is what p11-kit knows about.
By default p11-kit looks into /usr/share/pki/anchors
resp /etc/pki/trust/anchors but there could be other plugins that
serve as source for certificates as well.
.PP
To blacklist certificates symlinks to the respective certificates
can be placed in /etc/pki/trust/blacklist
.PP
\fBupdate-ca-certificates\fP invokes
custom hooks in /usr/lib/ca-certificates/update.d/*.run and
/etc/ca-certificates/update.d/*.run to generate various certificate storages as
used by different programs. The command line options used for invoking
update-ca-certificates are passed to the hooks as well.
.SH OPTIONS
A summary of options is included below.
.TP
.B \-h, \-\-help
Show summary of options.
.TP
.B \-v, \-\-verbose
Be verbose. Output \fBc_rehash\fP.
.TP
.B \-r, \-\-root <Directory>
Root Directory to use (defaults to / if not specified).
.TP
.B \-f, \-\-fresh
Fresh updates. Don't update stores incrementally but create from scratch.
.SH FILES
.TP
.I /usr/share/pki/trust/anchors
Directory of CA certificate trust anchors.
.TP
.I /usr/share/pki/trust/blacklist
Directory of blacklisted CA certificates
.TP
.I /etc/pki/trust/anchors
Directory of CA certificate trust anchors for use by the admin
.TP
.I /etc/pki/trust/blacklist
Directory of blacklisted CA certificates for use by the admin
.SH SEE ALSO
.BR c_rehash (1),