CERTCTL(8)                  System Manager's Manual                 CERTCTL(8)

NAME
       certctl -- tool for managing trusted and untrusted TLS certificates

SYNOPSIS
       certctl [-v] list
       certctl [-v] untrusted
       certctl [-nUv] [-D destdir] [-M metalog] rehash
       certctl [-nv] untrust file
       certctl [-nv] trust file

DESCRIPTION
       The certctl utility manages the list of TLS Certificate Authorities
       that are trusted by applications that use OpenSSL.

       Flags:

       -D destdir
             Specify the DESTDIR (overriding values from the environment).

       -d distbase
             Specify the DISTBASE (overriding values from the environment).

       -M metalog
             Specify the path of the METALOG file (default: $DESTDIR/METALOG).

       -n    No-Op mode, do not actually perform any actions.

       -v    Be verbose, print details about actions before performing them.

       -U    Unprivileged mode, do not change the ownership of created links.
             Do record the ownership in the METALOG file.

       Primary command functions:

       list       List all currently trusted certificate authorities.

       untrusted  List all currently untrusted certificates.

       rehash     Rebuild the list of trusted certificate authorities by
                  scanning all directories in TRUSTPATH and all untrusted
                  certificates in UNTRUSTPATH.  A symbolic link to each
                  trusted certificate is placed in CERTDESTDIR and each
                  untrusted certificate in UNTRUSTDESTDIR.

       untrust    Add the specified file to the untrusted list.

       trust      Remove the specified file from the untrusted list.

ENVIRONMENT
       DESTDIR         Alternate destination directory to operate on.

       DISTBASE        Additional path component to include when operating on
                       certificate directories.

       TRUSTPATH       List of paths to search for trusted certificates.
                       Default:
                       <DESTDIR><DISTBASE>/usr/share/certs/trusted
                       <DESTDIR><DISTBASE>/usr/local/share/certs
                       <DESTDIR><DISTBASE>/usr/local/etc/ssl/certs

       UNTRUSTPATH     List of paths to search for untrusted certificates.
                       Default:
                       <DESTDIR><DISTBASE>/usr/share/certs/untrusted
                       <DESTDIR><DISTBASE>/usr/local/etc/ssl/untrusted
                       <DESTDIR><DISTBASE>/usr/local/etc/ssl/blacklisted

       CERTDESTDIR     Destination directory for symbolic links to trusted
                       certificates.  Default:
                       <DESTDIR><DISTBASE>/etc/ssl/certs

       UNTRUSTDESTDIR  Destination directory for symbolic links to untrusted
                       certificates.  Default:
                       <DESTDIR><DISTBASE>/etc/ssl/untrusted

       EXTENSIONS      List of file extensions to read as certificate files.
                       Default: *.pem *.crt *.cer *.crl *.0
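
       The following audit of CERTDESTDIR is an added example, not part of
       the original manual page or of certctl itself. It assumes that every
       entry in CERTDESTDIR should be a symbolic link created by rehash that
       resolves into a TRUSTPATH directory; the names audit_certdestdir and
       make_sample_tree and the sample tree are hypothetical.

```shell
# Added example (not from certctl): audit CERTDESTDIR after "certctl rehash".
# Usage: audit_certdestdir CERTDESTDIR TRUSTDIR...
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_certdestdir() {
    dest=$1; shift
    rc=0
    for entry in "$dest"/*; do
        # Skip the literal pattern left behind by an empty directory.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        if [ ! -L "$entry" ]; then
            echo "NOT-A-LINK $entry"; rc=1; continue
        fi
        if [ ! -e "$entry" ]; then
            echo "DANGLING $entry"; rc=1; continue
        fi
        target=$(readlink -f "$entry")
        ok=0
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            real=$(readlink -f "$dir")
            case $target in "$real"/*) ok=1; break ;; esac
        done
        if [ "$ok" -eq 0 ]; then
            echo "OUTSIDE-TRUSTPATH $entry -> $target"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tree under a scratch DESTDIR (not real system paths):
# one good link, one link outside TRUSTPATH, one dangling link, one plain file.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/share/certs/trusted" "$d/etc/ssl/certs" "$d/tmp"
    : > "$d/usr/share/certs/trusted/Example_Root.pem"
    : > "$d/tmp/rogue.pem"
    ln -s "$d/usr/share/certs/trusted/Example_Root.pem" "$d/etc/ssl/certs/aaaa0000.0"
    ln -s "$d/tmp/rogue.pem" "$d/etc/ssl/certs/bbbb1111.0"
    ln -s "$d/usr/share/certs/trusted/Gone.pem" "$d/etc/ssl/certs/cccc2222.0"
    : > "$d/etc/ssl/certs/dddd3333.0"
    echo "$d"
}

# Demo on the constructed tree; prints three findings.
demo=$(make_sample_tree)
audit_certdestdir "$demo/etc/ssl/certs" "$demo/usr/share/certs/trusted" || true
rm -rf "$demo"
```

       On a live system the arguments would be the CERTDESTDIR value followed
       by the TRUSTPATH directories listed above.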

SEE ALSO
       openssl(1)

HISTORY
       certctl first appeared in FreeBSD 12.2.

AUTHORS
       Allan Jude <allanjude@freebsd.org>

FreeBSD 13.2                     July 13, 2022                      CERTCTL(8)
