mozilla
Your Search Results

    NSS tools : vfychain

    Name

    vfychain — vfychain [options] [revocation options] certfile [[options]
    certfile] ...

    Synopsis

    vfychain

    Description

    The verification Tool, vfychain, verifies certificate chains. modutil can
    add and delete PKCS #11 modules, change passwords on security databases,
    set defaults, list module contents, enable or disable slots, enable or
    disable FIPS 140-2 compliance, and assign default providers for
    cryptographic operations. This tool can also create certificate, key, and
    module security database files.

    The tasks associated with security module database management are part of
    a process that typically also involves managing key databases and
    certificate databases.

    Options

    -a
    the following certfile is base64 encoded

    -b YYMMDDHHMMZ
    Validate date (default: now)

    -d directory
    database directory

    -f
    Enable cert fetching from AIA URL

    -o oid
    Set policy OID for cert validation(Format OID.1.2.3)

    -p

    Use PKIX Library to validate certificate by calling:

    * CERT_VerifyCertificate if specified once,

    * CERT_PKIXVerifyCert if specified twice and more.

    -r
    Following certfile is raw binary DER (default)

    -t
    Following cert is explicitly trusted (overrides db trust)

    -u usage

    0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email
    signer, 5=Email recipient, 6=Object signer,
    9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA

    -v
    Verbose mode. Prints root cert subject(double the argument for
    whole root cert info)

    -w password
    Database password

    -W pwfile
    Password file

    Revocation options for PKIX API (invoked with -pp options) is a
    collection of the following flags: [-g type [-h flags] [-m type
    [-s flags]] ...] ...

    Where:

    -g test-type
    Sets status checking test type. Possible values are "leaf" or
    "chain"

    -g test type
    Sets status checking test type. Possible values are "leaf" or
    "chain".

    -h test flags
    Sets revocation flags for the test type it follows. Possible
    flags: "testLocalInfoFirst" and "requireFreshInfo".

    -m method type
    Sets method type for the test type it follows. Possible types are
    "crl" and "ocsp".

    -s method flags
    Sets revocation flags for the method it follows. Possible types
    are "doNotUse", "forbidFetching", "ignoreDefaultSrc",
    "requireInfo" and "failIfNoInfo".

    Additional Resources

    For information about NSS and other tools related to NSS (like JSS), check
    out the NSS project wiki at
    [1]http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates
    directly to NSS code changes and releases.

    Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto

    IRC: Freenode at #dogtag-pki

    Authors

    The NSS tools were written and maintained by developers with Netscape, Red
    Hat, and Sun.

    Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey
    <dlackey@redhat.com>.

    Copyright

    (c) 2010, Red Hat, Inc. Licensed under the GNU Public License version 2.

    References

    Visible links
    1. http://www.mozilla.org/projects/security/pki/nss/

    Document Tags and Contributors

    Contributors to this page: Sheppy, emaldona@redhat.com
    Last updated by: Sheppy,