Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
Mono(MozRoots)							Mono(MozRoots)

NAME
       mozroots	- Download and import trusted root certificates	from Mozilla's
       LXR into	Mono's certificate store

SYNOPSIS
       mozroots	 [--import [--machine] [--sync | --ask | --ask-add | --ask-re-
       move]]

DESCRIPTION
       This program downloads the trusted root certificates from  the  Mozilla
       LXR web site into the Mono certificate store.

       Mono  by	default	does not ship with any default certificates and	allows
       the user	to pick	its trusted certificates.  The mozroots	 command  will
       bring the Mozilla certificates into your	local machine.

OPTIONS
       --import
	      Import the certificates into the trust store.

       --sync Synchronize  (add/remove)	the trust store	with the certificates.
	      Synchronize is useful for	new Mono installations (no roots)  and
	      for  automated updates (no user confirmation for addition	or re-
	      moval).

       --ask  Always confirm before adding or removing	trusted	 certificates.
	      Note:  The  initial import will likely add about 100 new trusted
	      root certificates	into your store. You'll	have to	answer yes  to
	      every one	of them	if this	option is specified.

       --ask-add
	      Always  confirm  before adding a new trusted certificate.	 Note:
	      The initial import will likely add about 100  new	 trusted  root
	      certificates into	your store. You'll have	to answer yes to every
	      one of them if this option is specified.

       --ask-remove
	      Always confirm before removing an	existing trusted certificate.

ADVANCED OPTIONS
       --url url
	      Specify  an alternative URL for downloading the trusted certifi-
	      cates (LXR source	format). This should only be useful for	 test-
	      ing  or if the Mozilla's LXR web site address is changed.	It can
	      also be used to cache a local copy of the	LXR file into your lo-
	      cal intranet.

       --file name
	      Do not download from LXR but use the  specified  file.  This  is
	      useful if	many computers have to download	the same file from the
	      Internet.	  This	way you	can keep a local copy on a file	server
	      (and minimize network traffic).

       --pkcs7 name
	      Export the certificates into a PKCS#7 file. This is  useful  for
	      debugging	 purpose  or for re-importing the same list into other
	      software.

       --machine
	      Import the certificate in	the machine trust store.  The  default
	      is to import all trusted root certificates into the current user
	      store.

       --quiet
	      Limit  console output to errors and confirmations	messages. This
	      is useful	when scripting.

EXAMPLES
       After the initial Mono installation you'll have no trusted  roots  cer-
       tificates pre-installed.	 Neither will you have some root test certifi-
       cates  installed	 (your	own or the ones	provided by using setreg ). In
       this case the simplest thing to do, if you want to trust	all those cer-
       tificates, is to	import and synchronize.
	    $ mozroots --import	--sync
	    Mozilla Roots Importer - version 1.1.9.0
	    Download and import	trusted	root certificates from Mozilla's LXR.
	    Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

	    Downloading	from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
	    Importing certificates into	user store...
	    93 new root	certificates were added	to your	trust store.
	    Import process completed.

       If you created some test	certificates (e.g. for using SSL/TLS with XSP)
       and/or if your enterprise requires some	additional  root  certificates
       (e.g.  intranet)	 then  you  may	 want  to skip the removal part	of the
       process.	You can	do this	by asking for a	removal	 confirmation  (--ask-
       remove option) and answer no when prompted.
	    $ mozroots --import	--ask-remove
	    Mozilla Roots Importer - version 1.1.9.0
	    Download and import	trusted	root certificates from Mozilla's LXR.
	    Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

	    Downloading	from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
	    Importing certificates into	user store...
	    93 new root	certificates were added	to your	trust store.
	    2 previously trusted certificates were not part of the update.

	    Issuer: CN=Mono Test Root Agency
	    Serial number: 69-B0-E1-4F-88-6E-C7-85-48-0E-74-91-38-76-F4-28
	    Valid from 9/1/2003	11:55:48 AM to 12/31/2039 1:59:59 PM
	    Thumbprint SHA-1: EF-26-C2-28-11-3F-79-ED-9D-EC-3F-3B-D5-7A-26-F2-7C-9F-FA-63
	    Thumbprint MD5:   AE-19-3E-64-36-21-F2-A4-8B-69-38-CA-64-4B-2E-62
	    Are	you sure you want to remove this certificate ? no

       You can still use the synchronize option	(--sync) if you	have activated
       the default test	roots certificate on your system. They will be removed
       at the end of the synchronization process but you can quickly add them
       back with the
       setreg
       tool.
	    $ setreg 1 true

       Another	option	to  ease  updates is to	synchronize your machine trust
       store (using the	--machine option) and keep your	customized (test) cer-
       tificates in your personal store	(or vice versa). Note that every  user
       on this computer	will be	trusting all the newly imported	certificates.
	    $ mozroots --import	--machine --sync
	    Mozilla Roots Importer - version 1.1.9.0
	    Download and import	trusted	root certificates from Mozilla's LXR.
	    Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

	    Downloading	from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
	    Importing certificates into	user store...
	    94 new root	certificates were added	to your	trust store.
	    Import process completed.

       Once the	initial	import is complete the number of changes (additions or
       removals)  is  generally	 very low. In this case	it makes sense to know
       about any changes (i.e. ask for confirmation). No confirmation will  be
       required	if no changes are made to your trust store.
	    $ mozroots --import	--ask
	    Mozilla Roots Importer - version 1.1.9.0
	    Download and import	trusted	root certificates from Mozilla's LXR.
	    Copyright 2002, 2003 Motus Technologies. Copyright 2004-2005 Novell. BSD licensed.

	    Downloading	from 'http://lxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt'...
	    Importing certificates into	user store...
	    Import process completed.

FILES
       ~/.config/.mono/certs, /usr/local/share/mono/certs

       Contains	 Mono  certificate  stores  for	users /	machine. See the cert-
       mgr(1) manual page for more information on managing certificate stores.

COPYRIGHT
       Copyright (C) 2005 Novell.

MAILING	LISTS
       Mailing lists  are  listed  at  the  http://www.mono-project.com/commu-
       nity/help/mailing-lists/

WEB SITE
       http://www.mono-project.com

SEE ALSO
       mono(1),certmgr(1).setreg(1)

								Mono(MozRoots)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=mozroots&sektion=1&manpath=FreeBSD+Ports+15.0.quarterly>

home | help