Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
CERTCTL(8)		FreeBSD	System Manager's Manual		    CERTCTL(8)

NAME
     certctl --	tool for managing trusted and blacklist	TLS certificates

SYNOPSIS
     certctl [-v] list
     certctl [-v] blacklisted
     certctl [-nv] rehash
     certctl [-nv] blacklist file
     certctl [-nv] unblacklist file

DESCRIPTION
     The certctl utility manages the list of TLS Certificate Authorities that
     are trusted by applications that use OpenSSL.

     Flags:

     -n	   No-Op mode, do not actually perform any actions.

     -v	   be verbose, print details about actions before performing them.

     Primary command functions:

     list	  List all currently trusted certificate authorities.

     blacklisted  List all currently blacklisted certificates.

     rehash	  Rebuild the list of trusted certificate authorities by scan-
		  ning all directories in TRUSTPATH and	all blacklisted	cer-
		  tificates in BLACKLISTPATH.  A symbolic link to each trusted
		  certificate is placed	in CERTDESTDIR and each	blacklisted
		  certificate in BLACKLISTDESTDIR.

     blacklist	  Add the specified file to the	blacklist.

     unblacklist  Remove the specified file from the blacklist.

ENVIRONMENT
     DESTDIR	       Alternate destination directory to operate on.

     TRUSTPATH	       List of paths to	search for trusted certificates.  De-
		       fault: _DESTDIR_/usr/share/certs/trusted
		       _DESTDIR_/usr/local/share/certs
		       _DESTDIR_/usr/local/etc/ssl/certs

     BLACKLISTPATH     List of paths to	search for blacklisted certificates.
		       Default:	_DESTDIR_/usr/share/certs/blacklisted
		       _DESTDIR_/usr/local/etc/ssl/blacklisted

     CERTDESTDIR       Destination directory for symbolic links	to trusted
		       certificates.  Default: _DESTDIR_/etc/ssl/certs

     BLACKLISTDESTDIR  Destination directory for symbolic links	to blacklisted
		       certificates.  Default: _DESTDIR_/etc/ssl/blacklisted

     EXTENSIONS	       List of file extensions to read as certificate files.
		       Default:	*.pem *.crt *.cer *.crl	*.0

SEE ALSO
     openssl(1)

HISTORY
     certctl first appeared in FreeBSD 12.0

AUTHORS
     Allan Jude	<allanjude@freebsd.org>

FreeBSD	13.0		       February	19, 2019		  FreeBSD 13.0

NAME | SYNOPSIS | DESCRIPTION | ENVIRONMENT | SEE ALSO | HISTORY | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=certctl&sektion=8&manpath=FreeBSD+11.4-RELEASE>

home | help