|
 |
77503b |
////
|
|
|
77503b |
Copyright (C) 2013 Red Hat, Inc.
|
|
|
77503b |
|
|
|
77503b |
This program is free software; you can redistribute it and/or modify
|
|
|
77503b |
it under the terms of the GNU General Public License as published by
|
|
|
77503b |
the Free Software Foundation; either version 2 of the License, or
|
|
|
77503b |
(at your option) any later version.
|
|
|
77503b |
|
|
|
77503b |
This program is distributed in the hope that it will be useful,
|
|
|
77503b |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
77503b |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
77503b |
GNU General Public License for more details.
|
|
|
77503b |
////
|
|
|
77503b |
|
|
|
77503b |
|
|
|
77503b |
ca-legacy(8)
|
|
|
77503b |
============
|
|
|
77503b |
:doctype: manpage
|
|
|
77503b |
:man source: ca-legacy
|
|
|
77503b |
|
|
|
77503b |
|
|
|
77503b |
NAME
|
|
|
77503b |
----
|
|
|
77503b |
ca-legacy - Manage the system configuration for legacy CA certificates
|
|
|
77503b |
|
|
|
77503b |
|
|
|
77503b |
SYNOPSIS
|
|
|
77503b |
--------
|
|
|
77503b |
*ca-legacy* ['COMMAND']
|
|
|
77503b |
|
|
|
77503b |
|
|
|
77503b |
DESCRIPTION
|
|
|
77503b |
-----------
|
|
|
77503b |
ca-legacy(8) is used to include or exclude a set of legacy Certificate Authority (CA)
|
|
|
77503b |
certificates in the system's list of trusted CA certificates.
|
|
|
77503b |
|
|
|
77503b |
The list of CA certificates and trust flags included in the ca-certificates package
|
|
|
77503b |
are based on the decisions made by Mozilla.org according to the Mozilla CA policy.
|
|
|
77503b |
|
|
|
77503b |
Occasionally, removal or distrust decisions made by Mozilla.org might be incompatible with the requirements
|
|
|
77503b |
or limitations of some applications that also use the CA certificates list in the Linux environment.
|
|
|
77503b |
|
|
|
77503b |
The ca-certificates package might keep some CA certificates included and trusted by default,
|
|
|
77503b |
as long as it is seen necessary by the maintainers, despite the fact that they have
|
|
|
77503b |
been removed by Mozilla. These certificates are called legacy CA certificates.
|
|
|
77503b |
|
|
|
77503b |
The general requirements to keep legacy CA certificates included and trusted might change over time,
|
|
|
77503b |
for example if functional limitations of software packages have been resolved.
|
|
|
77503b |
Future versions of the ca-certificates package might reduce the set of legacy CA certificates
|
|
|
77503b |
that are included and trusted by default.
|
|
|
77503b |
|
|
|
77503b |
The ca-legacy(8) command can be used to override the default behaviour.
|
|
|
77503b |
|
|
|
77503b |
The mechanisms to individually trust or distrust CA certificates as described in update-ca-trust(8) still apply.
|
|
|
77503b |
|
|
|
77503b |
|
|
|
77503b |
COMMANDS
|
|
|
77503b |
--------
|
|
|
77503b |
*check*::
|
|
|
77503b |
The current configuration will be shown.
|
|
|
77503b |
|
|
|
77503b |
*default*::
|
|
|
77503b |
Configure the system to use the default configuration, as recommended
|
|
|
77503b |
by the package maintainers.
|
|
|
77503b |
|
|
|
77503b |
*disable*::
|
|
|
77503b |
Configure the system to explicitly disable legacy CA certificates.
|
|
|
77503b |
Using this configuration, the system will use the set of
|
|
|
77503b |
included and trusted CA certificates as released by Mozilla.
|
|
|
77503b |
|
|
|
77503b |
*install*::
|
|
|
77503b |
The configuration file will be read and the system configuration
|
|
|
77503b |
will be set accordingly. This command is executed automatically during
|
|
|
77503b |
upgrades of the ca-certificates package.
|
|
|
77503b |
|
|
|
77503b |
|
|
|
77503b |
FILES
|
|
|
77503b |
-----
|
|
|
77503b |
/etc/pki/ca-trust/ca-legacy.conf::
|
|
|
77503b |
A configuration file that will be used and modified by the ca-legacy command.
|
|
|
77503b |
The contents of the configuration file will be read on package upgrades.
|
|
|
77503b |
|
|
|
77503b |
AUTHOR
|
|
|
77503b |
------
|
|
|
77503b |
Written by Kai Engert.
|