michael@0: '\" t
michael@0: .\"     Title: VFYCHAIN
michael@0: .\"    Author: [see the "Authors" section]
michael@0: .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
michael@0: .\"      Date:  5 June 2014
michael@0: .\"    Manual: NSS Security Tools
michael@0: .\"    Source: nss-tools
michael@0: .\"  Language: English
michael@0: .\"
michael@0: .TH "VFYCHAIN" "1" "5 June 2014" "nss-tools" "NSS Security Tools"
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" * Define some portability stuff
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
michael@0: .\" http://bugs.debian.org/507673
michael@0: .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
michael@0: .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
michael@0: .ie \n(.g .ds Aq \(aq
michael@0: .el       .ds Aq '
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" * set default formatting
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" disable hyphenation
michael@0: .nh
michael@0: .\" disable justification (adjust text to left margin only)
michael@0: .ad l
michael@0: .\" -----------------------------------------------------------------
michael@0: .\" * MAIN CONTENT STARTS HERE *
michael@0: .\" -----------------------------------------------------------------
michael@0: .SH "NAME"
michael@0: vfychain_ \- vfychain [options] [revocation options] certfile [[options] certfile] \&.\&.\&.
michael@0: .SH "SYNOPSIS"
michael@0: .HP \w'\fBvfychain\fR\ 'u
michael@0: \fBvfychain\fR
michael@0: .SH "STATUS"
michael@0: .PP
michael@0: This documentation is still work in progress\&. Please contribute to the initial review in
michael@0: \m[blue]\fBMozilla NSS bug 836477\fR\m[]\&\s-2\u[1]\d\s+2
michael@0: .SH "DESCRIPTION"
michael@0: .PP
michael@0: The verification Tool,
michael@0: \fBvfychain\fR, verifies certificate chains\&.
michael@0: \fBmodutil\fR
michael@0: can add and delete PKCS #11 modules, change passwords on security databases, set defaults, list module contents, enable or disable slots, enable or disable FIPS 140\-2 compliance, and assign default providers for cryptographic operations\&. This tool can also create certificate, key, and module security database files\&.
michael@0: .PP
michael@0: The tasks associated with security module database management are part of a process that typically also involves managing key databases and certificate databases\&.
michael@0: .SH "OPTIONS"
michael@0: .PP
michael@0: \fB\-a\fR
michael@0: .RS 4
michael@0: the following certfile is base64 encoded
michael@0: .RE
michael@0: .PP
michael@0: \fB\-b \fR \fIYYMMDDHHMMZ\fR
michael@0: .RS 4
michael@0: Validate date (default: now)
michael@0: .RE
michael@0: .PP
michael@0: \fB\-d \fR \fIdirectory\fR
michael@0: .RS 4
michael@0: database directory
michael@0: .RE
michael@0: .PP
michael@0: \fB\-f \fR
michael@0: .RS 4
michael@0: Enable cert fetching from AIA URL
michael@0: .RE
michael@0: .PP
michael@0: \fB\-o \fR \fIoid\fR
michael@0: .RS 4
michael@0: Set policy OID for cert validation(Format OID\&.1\&.2\&.3)
michael@0: .RE
michael@0: .PP
michael@0: \fB\-p \fR
michael@0: .RS 4
michael@0: Use PKIX Library to validate certificate by calling:
michael@0: .sp
michael@0: * CERT_VerifyCertificate if specified once,
michael@0: .sp
michael@0: * CERT_PKIXVerifyCert if specified twice and more\&.
michael@0: .RE
michael@0: .PP
michael@0: \fB\-r \fR
michael@0: .RS 4
michael@0: Following certfile is raw binary DER (default)
michael@0: .RE
michael@0: .PP
michael@0: \fB\-t\fR
michael@0: .RS 4
michael@0: Following cert is explicitly trusted (overrides db trust)
michael@0: .RE
michael@0: .PP
michael@0: \fB\-u \fR \fIusage\fR
michael@0: .RS 4
michael@0: 0=SSL client, 1=SSL server, 2=SSL StepUp, 3=SSL CA, 4=Email signer, 5=Email recipient, 6=Object signer, 9=ProtectedObjectSigner, 10=OCSP responder, 11=Any CA
michael@0: .RE
michael@0: .PP
michael@0: \fB\-T \fR
michael@0: .RS 4
michael@0: Trust both explicit trust anchors (\-t) and the database\&. (Without this option, the default is to only trust certificates marked \-t, if there are any, or to trust the database if there are certificates marked \-t\&.)
michael@0: .RE
michael@0: .PP
michael@0: \fB\-v \fR
michael@0: .RS 4
michael@0: Verbose mode\&. Prints root cert subject(double the argument for whole root cert info)
michael@0: .RE
michael@0: .PP
michael@0: \fB\-w \fR \fIpassword\fR
michael@0: .RS 4
michael@0: Database password
michael@0: .RE
michael@0: .PP
michael@0: \fB\-W \fR \fIpwfile\fR
michael@0: .RS 4
michael@0: Password file
michael@0: .RE
michael@0: .PP
michael@0: .RS 4
michael@0: Revocation options for PKIX API (invoked with \-pp options) is a collection of the following flags: [\-g type [\-h flags] [\-m type [\-s flags]] \&.\&.\&.] \&.\&.\&.
michael@0: .sp
michael@0: Where:
michael@0: .RE
michael@0: .PP
michael@0: \fB\-g \fR \fItest\-type\fR
michael@0: .RS 4
michael@0: Sets status checking test type\&. Possible values are "leaf" or "chain"
michael@0: .RE
michael@0: .PP
michael@0: \fB\-g \fR \fItest type\fR
michael@0: .RS 4
michael@0: Sets status checking test type\&. Possible values are "leaf" or "chain"\&.
michael@0: .RE
michael@0: .PP
michael@0: \fB\-h \fR \fItest flags\fR
michael@0: .RS 4
michael@0: Sets revocation flags for the test type it follows\&. Possible flags: "testLocalInfoFirst" and "requireFreshInfo"\&.
michael@0: .RE
michael@0: .PP
michael@0: \fB\-m \fR \fImethod type\fR
michael@0: .RS 4
michael@0: Sets method type for the test type it follows\&. Possible types are "crl" and "ocsp"\&.
michael@0: .RE
michael@0: .PP
michael@0: \fB\-s \fR \fImethod flags\fR
michael@0: .RS 4
michael@0: Sets revocation flags for the method it follows\&. Possible types are "doNotUse", "forbidFetching", "ignoreDefaultSrc", "requireInfo" and "failIfNoInfo"\&.
michael@0: .RE
michael@0: .SH "ADDITIONAL RESOURCES"
michael@0: .PP
michael@0: For information about NSS and other tools related to NSS (like JSS), check out the NSS project wiki at
michael@0: \m[blue]\fBhttp://www\&.mozilla\&.org/projects/security/pki/nss/\fR\m[]\&. The NSS site relates directly to NSS code changes and releases\&.
michael@0: .PP
michael@0: Mailing lists: https://lists\&.mozilla\&.org/listinfo/dev\-tech\-crypto
michael@0: .PP
michael@0: IRC: Freenode at #dogtag\-pki
michael@0: .SH "AUTHORS"
michael@0: .PP
michael@0: The NSS tools were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google\&.
michael@0: .PP
michael@0: Authors: Elio Maldonado <emaldona@redhat\&.com>, Deon Lackey <dlackey@redhat\&.com>\&.
michael@0: .SH "LICENSE"
michael@0: .PP
michael@0: Licensed under the Mozilla Public License, v\&. 2\&.0\&. If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla\&.org/MPL/2\&.0/\&.
michael@0: .SH "NOTES"
michael@0: .IP " 1." 4
michael@0: Mozilla NSS bug 836477
michael@0: .RS 4
michael@0: \%https://bugzilla.mozilla.org/show_bug.cgi?id=836477
michael@0: .RE